Cybersecurity Awareness Month is over, but our blog posts and our INTRASEC podcast still stand. At Forensik, we like to share our expertise and offer you privileged interviews with specialists in cybersecurity and incident response. This week, we have the pleasure of sharing with you a new and final episode of Season 1.
We had the honor of welcoming Steve Vaillancourt, instructor at the Learning Hub at the Canadian Center for CyberSecurity. We discussed the best practices to adopt in the event of an incident and, especially, how to prevent rather than cure. From accountability to awareness, he explained to us the cybersecurity posture of the Canadian government and how the latter wants everyone to be able to increase their cyber-resilience in the face of innovations and our dependence on new technologies.
Preparation: the basis for effectively managing an incident
It’s no longer a secret. Preparing to be ready in the event of an attack is the foundation of good cybersecurity incident management. Moreover, our previous guests Benoît Dupont and Me Jean-François De Rico had already highlighted it during our interviews. And that’s why we organize the Forensik Conference every year.
For this, Steve Vaillancourt recommends:
- empowering teams, assigning a role to each in the management of a security breach;
- knowing your IT environment, its networks and operating systems, to save time and minimize the impacts;
- logging and automatically monitoring activities in order to detect potential threats;
- making employees aware of the risk, of how not to be afraid to admit mistakes, and of how to report a suspicion;
- having the right partners for remediation to reduce consequences;
- and doing a post-mortem with the leaders, administrators and managers of the IT teams, in order to ask the right questions about the procedures put in place, the communication during the incident and how to improve.
He finds that very often:
- the documentation is not up to date;
- communications were poorly handled;
- there was a misunderstanding of the procedures;
- there was insufficient manpower to manage the incident.
It is therefore necessary to correct these points for the next time.
How to integrate security into operations?
Steve Vaillancourt regrets that security is often seen as a brake on operations. But the two go hand in hand. This duality aims to guarantee security in operations in order to reduce the risk of a security breach.
Take password management, for example, which is a weakness in most organizations. Why? Security wants long, complex, and unique passwords, while users want simple, easy-to-remember passwords. Security requirements then become constraints for them.
That is why Mr. Vaillancourt advocates more convenient security, such as offering automated solutions to authenticate users, in order to have a positive impact on them and a better acceptance of security in their operations.
What is the role of the Canadian Center for Cybersecurity?
The Government of Canada wants to inform, educate and empower individuals on cybersecurity issues.
The mission of the Canadian Cybersecurity Center is to empower every citizen to play a role in security. To do this, it provides many resources accessible to all.
The Center believes that the national cybersecurity strategy is a team effort and that everyone should get involved and adopt a cybersecurity posture to safely enjoy new technologies in the public and private spheres.