An interview with three of Canada’s leading cybersecurity experts on how to stay ahead of emergent threats to our democracy
With politically polarizing elections in Ottawa and Edmonton just around the corner, the direct correlation between technology, privacy, economics and democracy has never been clearer or more profound. Any Canadian political operation that views democracy as an infallible right of passage may well find itself in the dustbin of Canadian political history. And even the most cynical and apolitical Canadian citizen might agree that the future of our brave country will look much different, depending on whether Rachel Notley or Jason Kenney are driving the engine of Alberta and Canada’s so-called future economy.
To date, Canadians have seemed relatively powerless against technological assaults to our democracy. Public education of the ongoing threat is moving orders of magnitude slower than those actors perpetrating it. Those who seek to destabilize our elections deal with politically polarizing topics that have a natural constituency. Attempting to separate fact from fiction in this realm is a very tricky grey area — for social media, the government and the citizen alike.
In an effort to move the conversation from one of reaction to proaction, I sat down with Robert Herjavec, Founder and CEO of global cybersecurity firm Herjavec Group, Jason Hermitage, Vice President of Public Sector at Microsoft Canada and Bryan Rutledge, Canadian Country Manager at McAfee, to find out what citizens, governments and political parties can do to protect against the potential ethical and societal risks of this emerging threat.
How do businesses and governments defend themselves against an actor with unlimited resources, tech-savvy agents and an unwavering focus on destabilizing western democracies?
‘At any given moment, public opinion is a chaos of superstition, misinformation and prejudice.’— Gore Vidal, contemporary American writer
Threats to our democratic processes from cyber-enabled interference have become a critical concern. Addressing this threat to democracy will require significant new efforts by governments, technology companies — both individually and in partnership — as well as academia and civil society.
We, as an industry, need to acknowledge that there is no single step by itself that will be sufficient to address this problem. Each of our companies can continue to do more to protect and defend our customers around the world. But in addition, we believe the time has come to call on the world’s governments to come together, affirm international cybersecurity norms that have emerged in recent years, adopt new and binding rules and get to work implementing them.
Social media has proven to be a very profitable engine for disseminating disinformation on a mass scale. Should the Canadian government follow the lead of the European Union and the introduction of their GDPR privacy legislation to try and contain the mass proliferation and monetization of personal data?
While much of the attention around GDPR is focused on penalties, the advantage it brings will be the need for organizations to implement a comprehensive data management program. Clearly there is a need for robust data protection regardless of regulatory compliance requirements. Experience tells us that organizations must make efforts to improve data resiliency and implement contingency programs to ensure availability of their data following catastrophic events. A key success factor for a comprehensive data management program is the active and genuine participation of end users to understand the importance of the organization’s data, how it is used and how important it is to protect it.
How can consumers protect themselves against digitally weaponized psychology to ensure that they don’t fall victim to campaigns of disinformation and manufactured political bias?
This one’s simple to me — if you didn’t enter a lottery you didn’t win it, no one from Russia wants to marry you all of a sudden and you’re not going on a vacation for free — so don’t click! We have to mature as a population to the click bait, social engineering scams and of course weaponized psychology, as you put it, that can distort our beliefs and make us vulnerable to cyber attacks.
We all know humans are the weakest link in any enterprise, so as business leaders, it’s our responsibility to limit access to select sites or tools that are traditionally weak in security; and make our people more aware of cyber risks through regular training and tests. Again, security isn’t perfect, but we can improve and learn because security is everyone’s responsibility.
Robert Brennan Hart is the CEO of The Canadian Cloud Council.
Content produced by advertiser. The Globe and Mail was not involved in its creation.