Advertisement 1

Cyber warfare the 'next frontier,' execs warned at Banff biz forum

Many corporations remain unaware of the threat a potential cyber attack poses to their organizations until it is too late, executives at a business conference in Banff were warned Thursday.

Article content

Many corporations remain unaware of the threat a cyber attack poses to their organizations until it is too late, executives at a business conference in Banff were warned Thursday.

Microsoft’s Chris White told the crowd at the 2018 Global Business Forum that cyber warfare represents the “next frontier” for organized crime, state-sponsored espionage, hacktivists, and anarchists. But many companies remain blissfully ignorant of the risks, only finding out after an attack has been successful that their proprietary technology, financial information or customer data has been exposed.

Advertisement 2
Story continues below
Article content

White, whose team develops software for data analysis aimed at helping to fight digital crime and worldwide tech scams, pointed to U.S. energy giant Marathon Oil, which was subject to a series of sophisticated cyberattacks in 2008. The attacks, which originated from Chinese servers, targeted company-held information about oil deposits. But Marathon didn’t realize it had been attacked until it was alerted by the FBI in 2009.

Article content

White also pointed to a Canadian example, Nortel Networks.

“There were no reports of holes or bullet holes in Nortel — and then it turned out the company had been infiltrated for a decade and then it fell to pieces,” White said. “There are many, many examples like this where after the fact . . . only then do you find out there was hacking.”

Dr Chris White, Principal Reasearcher and Partner, Microsoft presents during a session during the 2018 Global Business Forum at the Fairmount Banff Springs in Banff, Alberta on Thursday, September 27, 2018. Jim Wells/Postmedia
Dr Chris White, Principal Reasearcher and Partner, Microsoft presents during a session during the 2018 Global Business Forum at the Fairmount Banff Springs in Banff, Alberta on Thursday, September 27, 2018. Jim Wells/Postmedia

The global risk posed by cyber warfare means if companies are not talking about the issue at the C-suite and board level, they should be, said Janice Hamby, a retired U.S. Navy rear admiral and past chancellor of the United States National Defense University College of Information and Cyberspace.

Hamby told the Banff audience that although executives are not required to be technical experts when it comes to cybersecurity, they are responsible for knowing the risks and demonstrating leadership by taking steps to mitigate them. Executives have a responsibility to their shareholders and customers to take simple protective measures, including making sure all devices connected to company networks are accounted for and available security patches are installed.

Advertisement 3
Story continues below
Article content

Executives should also be aware of where the “crown jewels” of their company — the valuable proprietary information and customer data — are stored on the network and where all the access parts to that information are. And they should understand how company information systems are backed up and how the information would be recovered in the event of an attack.

Janice Hamby, Past Chancellor, US National Defense University College of Information and Cyberspace presents during a session during the 2018 Global Business Forum at the Fairmount Banff Springs in Banff, Alberta on Thursday, September 27, 2018. Jim Wells/Postmedia
Janice Hamby, Past Chancellor, US National Defense University College of Information and Cyberspace presents during a session during the 2018 Global Business Forum at the Fairmount Banff Springs in Banff, Alberta on Thursday, September 27, 2018. Jim Wells/Postmedia

Companies also need to encourage employees to come forward if they notice something unusual on the network, Hamby said.

“You need to have a culture that is ready to accept and hear from someone who says, ‘I clicked on an email that I shouldn’t have,’ ” she said. “Because the faster they’ll report that sort of thing, the faster you can clean it up.”

Finally, Hamby said even if companies haven’t yet experienced a significant cyber attack, they should have a response plan ready for when they do. They need to be able to communicate to clients, shareholders and the public what happened, what the damages are and how it is being remedied.

“There are two kinds of organizations. Those that have been penetrated and those who don’t know they’ve been penetrated,” Hamby said. “So you need to have a response ready to go, you need to rehearse it and you need to have senior leadership be part of those rehearsals.”

The theme of this year’s Global Business Forum is “Seizing Opportunities While Managing Risk.” The forum continues Friday at the Fairmont Banff Springs.

astephenson@postmedia.com

Twitter.com/AmandaMsteph

Article content
Comments
You must be logged in to join the discussion or read more comments.
Join the Conversation

Postmedia is committed to maintaining a lively but civil forum for discussion. Please keep comments relevant and respectful. Comments may take up to an hour to appear on the site. You will receive an email if there is a reply to your comment, an update to a thread you follow or if a user you follow comments. Visit our Community Guidelines for more information.

Latest National Stories
    This Week in Flyers