Cyber threats are in the news, reports of ransomware and/or data breaches have only recently been outpaced by A.I. news, however, most of the marketing and consulting solutions that hit your email these days still seem to be about Cyber.
It seems that most organizations are recognizing the very real threat and challenging their Business Risk and Security teams to extend and/or put controls in place, especially as Governments have started to step in and mandate in some areas. The Canadian Government has published and mandating controls via guidelines for federally regulated financial institutions, as in this publication; OSFI releases final Guideline B-13 – Technology and Cyber Risk Management (osfi-bsif.gc.ca).
In the case of the OFSI guidelines, they are driving Security Teams to build plans and responses that are very much integrated with business risk & operating activities and plans. This means that the traditional relationship of security being an area just outside of IT that provides expertise and services, while enforcing rules and/or controls, must change to an area of expertise that is at the table and driving risk and operating plans.
The good news is that these federally regulated organizations in Canada are likely well on their way with integrated plans for governance and control, hopefully we will see the benefits of this model and it will spread across all organizations focused on stepping up their game around Cyber Security.
Barry Dawson
