Hashtag Trending – Breaches reported by law; Trudeau’s cyber security plan

Get ready for reporting breaches of your security safeguards if you’re covered under federal law; the Trudeau government will release the latest federal cyber security plan and be prepared for more imaginative cyber attacks.

For 2018 – indeed for the foreseeable future – cyber attacks are only going to get worse in every country. In Canada the federal government will have a say in how many institutions will react. First, the government won’t delay much in implementing proposed data breach reporting requirements it proposed in September. The government has been reviewing reaction to the proposals since the beginning of October. Some organizations want Ottawa to hold off for as long as 18 months to give the private sector time to get ready, but given the headline sensitivity of breaches I don’t think it will. Look for the government to give no more than six months notice, meaning the new regime will kick in around June 1. Organizations have already had three months to look over the proposed regs, which aren’t onerous. They require firms to report breaches of security protocols to the federal privacy commissioner and to affected parties, and maintain records of all breaches for a two-year period .

My second prediction is the new federal national cyber security strategy will have some tools and incentives for all organizations to beef up their cyber security efforts. Look for more intensive federal help in the 10 critical infrastructure sectors – ranging from banks to the food industry – to adopt best practices. For small and medium businesses, Public Safety Canada’s cyber website may be re-organized and deepened to give SMBs a better one-stop shop for resources. It may even be given a more memorable name, like the Canadian Cyber Security Centre. And there will be support for making Canada a leading country for cyber security providers and startups.

Finally, the bad news: Cyber attacks will only get worse. That means more ransomware and destruction-ware, DdoS attacks, blended attacks, bigger IoT botnets. Security vendors will tout machine learning and artificial intelligence to either give more automated responses to attacks or to help security teams consider their responses to attacks. Much of that is hype. AI still isn’t mature. As always, those organizations that have tough identity and access control, vulnerability management and segregated networks protecting valuable data will be the most prepared.

That’s what will trend next year. Hashtag Trending is produced by IT World Canada. Today’s episode is sponsored by Cogeco Peer 1, the company that enables businesses to unlock their IT potential. Learn more at CP1.com.