Connect with us

Technology

Canadian banks hire ‘ethical hackers’ to improve and test cybersecurity

Editor

Published

on

[ad_1]

Hackers are targeting Toronto-Dominion Bank’s internal systems at all hours using cutting-edge techniques, but the bank’s head of cybersecurity isn’t losing sleep over them — they work for him, after all.

The bank established late last year an in-house “red team” of ethical hackers — cybersecurity professionals who attempt to hack a computer network to test or evaluate its security on the owners’ behalf — who conduct live attacks against its own networks continuously, said Alex Lovinger, TD Bank’s vice-president of cyber threat management.

“We’re doing it exactly how our adversaries would do it … So if we find a weakness or something like that, we can close it or address it before a real attacker,” he said.

Canada’s biggest banks are fortifying their defences by hiring their own ethical hackers to test their systems as the frequency and sophistication of cybercrime increases.

A Senate report last month entitled “Cyber assault: It should keep you up at night,” sounded the alarm about the potential consequences of major cyberattacks in Canada.

“While some progress has been made federally in the past year, there is much more that the federal government and Canadians must do to protect ourselves,” said the report of the Standing Senate Committee on Banking, Trade and Commerce. “We must take the appropriate steps now, or soon we will all be victims.”

Bank of Canada governor Stephen Poloz has also raised concerns about a cyberattack.

In 2017, 21 per cent of Canadian businesses reported that they were impacted by a cyber security incident which affected their operations, according to Statistics Canada. Banking institutions, not including investment banks, reported the highest level of incidents at 47 per cent, followed by universities and the pipeline transportation sector, according to the agency.

Thousands of Simplii Finanicial customers may have had their personal and financial data compromised by cybercriminals in May. (CBC)

New regulations that require Canadian businesses to alert their customers about privacy breaches or face hefty fines took effect at the beginning of this month.

BMO, Simplii Financial breach

In May, the Bank of Montreal and the Canadian Imperial Bank of Commerce’s Simplii Financial digital banking brand said thousands of their customers may have had their personal and financial data compromised.

BMO said hackers contacted the bank claiming to be in possession of the personal data of fewer than 50,000 customers, and that the attack originated outside of Canada. At the same time, Simplii also warned that “fraudsters” may have accessed certain personal and account information for about 40,000 clients.

BMO’s chief executive Darryl White said he could not comment on the details of the privacy breach, as an ongoing investigation is underway, but noted there was a “very immaterial impact from a fraud perspective” and no material financial fallout.

“We are a lot smarter as every event goes on. And there are events every day; there are events every hour of every day…. It’s a continual improvement exercise,” White told reporters after the bank’s recent investor day.

Meanwhile, BMO is also turning to in-house ethical hackers to test their systems. According to a recent job posting, BMO is seeking a senior manager with a certification in ethical hacking and whose responsibilities include managing a team of “network penetration testing” specialists.

CIBC did not respond to questions about whether it utilizes ethical hackers.

“We leverage internal and external expertise, and work closely with industry and government to enhance cyber security resilience, threat intelligence and best practices,” a spokeswoman said in a statement.

Alberta-based bank ATB Financial in a recent job post said it was recruiting a “senior penetration tester” with ethical hacking experience. An ATB spokeswoman said the posting is to fill a recently vacated role.

The Bank of Nova Scotia also established its own in-house “red team” of hackers to test its defences, said its chief information security officer Steve Hawkins.

Hackers now sit on a wealth of information … that they can now leverage to do more targeted attacks– Steve Hawkins, Bank of Nova Scotia chief information security officer

“Scotiabank has used and continues to use third-parties to handle this penetration testing. However, because the volume of global cyber threats has significantly risen, the Bank wanted to have its own capabilities in-house and created its own red team this year,” he said.

With the string of data breaches in recent years, what does worry TD’s Lovinger is the cumulative amount of data that has been exposed.

“Hackers now sit on a wealth of information … that they can now leverage to do more targeted attacks,” he said.

Royal Bank of Canada has had in-house ethical hacking capabilities for a few years now, as part of its cybersecurity program, said Adam Evans, the bank’s vice-president of cyber operations and chief information officer.

“We want to make sure that we are testing our defences to make sure they stay relevant,” he said.

RBC has been upping its cybersecurity budget and adding to its team annually. It now has roughly 400 cybersecurity professionals, up 50 per cent from three years ago, but a talent gap looms, Evans said.

Tech labour shortage

Demand for talent in Canada is climbing by seven per cent annually and there will be more than 5,000 roles to fill between 2018 and 2021, according to Deloitte. By 2022, the cybersecurity workforce gap is expected to reach 1.8 million, it said.

As of October, there were 1,024 cybersecurity vacancies for every million Canadian job postings, up five per cent over the past year, according to Indeed Canada. That’s up 73 per cent since the beginning of 2015, said Brendon Bernard, an economist for the job search platform.

Meanwhile, several Canadian banks have made recent investments in research or capabilities abroad or in universities at home to tap cybersecurity talent. For example, TD opened a cybersecurity-focused office in Tel Aviv, Scotiabank announced a partnership with an Israeli cybersecurity company and RBC made an investment in research at Ben-Gurion University.

“With the talent gap in cyber, it’s something that organizations are going to have to address,” said Evans. “Because there is just not enough qualified people out there.”

[ad_2]

Source link

قالب وردپرس

Technology

The ‘Maple Majestic’ wants to be Canada’s homegrown Tesla

Editor

Published

on

By

Look out Tesla, Canada has a homegrown electric sedan on the way. Well, that’s if AK International Motor Corporation can drum up enough investment to make its EV a reality. Dubbed the “Maple Majestic,” the vehicle is a battery-electric designed to “excel in extreme climate performance without adversely affecting the climate, as befits a vehicle from Canada,” according to its website.

What’s in a name? — The company says the maple leaf is a “symbol of Canada’s warmth and friendliness towards all cultures,” while “majestic” refers to the country’s “status as a Constitutional Monarchy.”

That patriotism carries over into Maple Majestic’s parent company’s lofty goals. AK Motor founder Arkadiusz Kaminski says he wants the company, which he founded in 2012, to become “Canada’s first multi-brand automotive OEM,” and that the “Maple Majestic is intended to be Canada’s flagship brand of automobiles on the world stage.”

Partnerships are key — “We acknowledge that the best chance for the Maple Majestic brand to succeed, lies in continuing to build the relationship with Canada’s parts suppliers and technological innovators, whether they be academic institutions, corporations, or individual inventors,” the company explains. “We are currently seeking partners in automotive engineering, parts manufacturing, automotive assembly, electric propulsion technology, battery technology, autonomous technology, and hybrid power generation technology.”

In other words, don’t expect to be able to buy a Maple Majestic any time soon… and don’t expect to pour over 0-60 mph times, power output, range, or other key stats, because those don’t currently exist. For now, all we have are pictures and a short video clip. But at least those are arresting.

Continue Reading

Technology

PE-backed Quorum Software to merge with Canadian energy tech firm

Editor

Published

on

By

Houston-based energy technology company Quorum Software will merge with a Canadian tech firm to bolster its presence in oil and gas services.

Quorum announced Feb. 15 it plans to merge with Calgary, Alberta-based Aucerna, a global provider of planning, execution and reserves software for the energy sector. The combined firm will operate under the Quorum Software brand.

Gene Austin, CEO of Quorum Software, will continue in his capacity as chief executive of the combined firm. Austin, former CEO of Austin-based marketing tech firm Bazaarvoice Inc., became CEO of Quorum in December 2018.

Aucerna co-founder and CEO Wayne Sim will be appointed to the Quorum Software board of directors. Both companies are backed by San Francisco- and Chicago-based private equity firm Thoma Bravo.

“Over the last 20 years, Quorum has become the leading innovator of software deployed by North American energy companies,” said Austin. “Today, Quorum is expanding the scope of our technology and expertise to all energy-producing regions of the globe. Customers everywhere will have access to a cloud technology ecosystem that connects decision-ready data from operations to the boardroom.”

In addition to the merger announcement, Quorum Software announced it had entered into an agreement with Finnish IT firm TietoEvry to purchase TietoEvry’s entire oil and gas business. The agreement, which includes hydrocarbon management, personnel and material logistics software and related services, is valued at 155 million euros, or $188 million, according to a statement from TietoEvry.

“Our three organizations complement each other — from the software that our great people design to the energy markets where we operate,” said Sim. “Our new company will be able to deliver value to our stakeholders, while accelerating the growth of our combined business and the energy industry’s software transformation.”

The combined company will serve over 1,800 energy companies in 55 countries, according to the announcement. With its headquarters in Houston, Quorum will continue to have a significant presence in Calgary and in Norway, the headquarters for TietoEvry’s oil and gas software business. Quorum will have other offices throughout North America, Latin America, Europe, Asia and the Middle East.

As of Sept. 30, 2020, private equity firm Thoma Bravo had more than $73 billion in assets under management. In late December 2020, Thoma Bravo agreed to acquire Richardson, Texas-based tech firm RealPage in a roughly $10 billion acquisition.

Continue Reading

Technology

Piece of Kitchener technology lands on Mars on Perseverance rover

Editor

Published

on

By

KITCHENER — A piece of Kitchener technology has landed on Mars, thanks to NASA’s Perseverance rover.

The rover settled on the planet’s surface on Thursday afternoon. It’s been travelling through space since it was launched from Cape Canaveral, Fla. in July.

“The whole idea of being on a device that we’re sending to another plant with the express mission of looking for traces of past life, it’s pretty mind boggling actually,” said Rafal Pawluczyk, chief technical officer for FiberTech Optica.

The Kitchener-based company made fibre optic cables for the rover’s SuperCam that will examine samples with a camera, laser and spectrometers.

“The cables that we built take the light from that multiplexer and deliver it to each spectrograph,” Pawluczyk said.

The cables connect a device on the rover to the SuperCam, which will be used to examine rock and soil samples, to spectrometers. They’ll relay information from one device to another.

The project started four years ago with a connection to Los Alamos National Lab, where the instruments connected to the cables were developed.

“We could actually demonstrate we can design something that will meet their really hard engineering requirements,” Pawluczyk said.

The Jezero Crater is where the Perseverance rover, with FiberTech Optica’s technology onboard, landed Thursday. Scientists believe it was once flooded with water and is the best bet for finding any evidence of life. FiberTech’s cables will help that in that search.

Ioannis Haranas, an astrophysicist and professor at Wilfrid Laurier University, said the rover isn’t looking for “green men.”

“They’re looking for microbial, single-cell life, any type of fossils and stuff like that,” Haranas said. “That’s why they chose a special landing site. This could be very fertile land for that.”

“It’s very ambitious,” said Ralf Gellert, a physics professor at the University of Guelph.

Gellert helped with previous rover missions and said it’s the first time a Mars rover has landed without a piece of Guelph technology on it. While he’s not part of Perseverance’s mission, he said the possibilities are exciting.

“Every new landing site is a new piece of the puzzle that you can put together with the new results that we have from the other landing sites,” he said.

“It’s scientifically very interesting because, even though we don’t have an instrument on that rover, we can compare what the new rover Perseverance finds at this new landing site,” he said.

Now that Perseverance has landed on Mars, FiberTech is looking ahead to its next possible mission into space.

Continue Reading

Chat

Trending