To listen to the full podcast and read the transcript, visit Cyber Security Today: Week in Review
Howard Solomon: Joining us now from Montreal is Terry Cutler.
Let’s start with the Microsoft report on Russian cyber activity against countries supporting Ukraine. The report has two themes: Russian intelligence agencies are increasing their espionage activities against governments such as the U.S. and Canada. The other is a warning to expect that Russian groups’ ongoing propaganda campaigns to sow misinformation in countries on a few issues, such as COVID-19, will be used to support Russia’s version of why it attacked Ukraine and undermine the unity of its allies. What did you think when you read this report?
Terry Cutler: It’s clear that the bad guys have it together. These guys are co-ordinating; they are talking to each other. This report screams that we need a more coordinated, comprehensive strategy to work together. It will require the public and private sectors and maybe even non-profits to work together. But here’s a challenge: We’ve been saying this for years the forensics guys aren’t talking to the pen testers, the pen testers aren’t talking to the CISOs, and there are no compliance pieces. We need to have a more collaborative approach that would stop these attacks because if you look at information security today, it’s easy to see that many of the techniques used for defence are between not working and barely working at all. That’s why it will require more collaboration with folks like the telecom companies, Microsoft and Cisco because they have so much visibility into what’s happening on the network
Cyber Security Week in Review continues
Howard: Cyberwar in terms of data theft and espionage against the government and non-government agencies isn’t new, nor is the use of misinformation. Are the public and private sectors in North America prepared for these kinds of attacks?
Terry: It’s going to be very, very difficult. We can’t do it alone — most companies don’t have the time, money or resources to deal with this stuff. Not to mention there are so many attacks flying at us from various locations simultaneously. And, of course, we don’t control social media platforms, so we can’t block these misinformation ads. So, we’re going to need a more collaborative approach. We’re going to need a centre of excellence where the top senior cyber security guys can collaborate and push this information down to governments, not-for-profits, and small businesses on how to protect themselves.