• ISSP

Lessons from Ukraine for Canada's National Digital Strategy

Updated: Nov 3

Intensified cyber warfare and psychological operations in Ukraine forced countries all around the world to upgrade their national cyber strategies. Canada is not an exception. ​ How to manage digital risks and get business and public sector organizations ready to counter cyber threats – that was the focus of the third annual digital conference conducted by the Government of Ontario’s Cyber Security Centre of Excellence in Toronto on October 3rd, 2022. Oleh Derevianko, ISSP Co-Founder and Chief Vision Officer, participated in an online panel discussion together with Sami Khoury, Head of the Canadian Centre for Cyber Security, and Rhonda Bunn, CISO, the Government of Ontario. The topic - Cyber Security in Ukraine and Canada's National Strategy.

‘Since the begging of the full-scale invasion, Ukrainian critical infrastructure, governmental institutions, organizations of the defensive security sector and business enterprises have been constantly attacked by Russian state-sponsored actors and proxy hackers. Most of the attacks have similar patterns, they are quite simple but very intense. However, we also encounter an increasing number of more sophisticated attacks aimed to intrude on the target organizations using the advanced persistent threats (APTs) that existed before the invasion. According to the Ukrainian authorities, there were 1123 attacks during the first six months of the war. The number of attacks on the Ukrainian critical infrastructure has tripled’, Oleh Derevianko said explaining the current situation. What public and private sector organizations should consider protecting their digital assets? • Identify high value assets (HVA) and conduct regular in-depth technical cybersecurity compromise assessments • Ensure cybersecurity operations for HVA • Conduct incident preparedness exercises (operational and executive) • Ensure disaster recovery for HVA and evaluate RTO/RPO • Compose incident response plans (recovery team and procedures) and contract with a trusted provider for cooperative incident response • Exchange information for early detection and threat response ‘Threat intelligence, threat exchange, and continuous digital risk protection should be an essential part of performing the digital transformation. Only assuming compromise, you can be ahead of a cyberattack culmination’, Oleh Derevianko concluded.


Ontario’s third annual cyber security conference is geared towards IT and cyber security professionals from across Canada’s Broader Public Sector (BPS), and provided participants with valuable insights on the current cyber security landscape, as well as how to best manage digital risks within organizations to improve their cyber security posture. Partners of the event –Toronto Metropolitan University, SANS Institute, University Health Network (UHN), ISSP, Deloitte, Rogers, IBM, Canadian Centre Cyber Security, Healthcare Insurance Reciprocal of Canada (Hiroc), In-Sec-M, etc.

0 comments