Thank you, Mr. Chair.
My name is Jennifer Quaid. I'm the executive director of the Canadian Cyber Threat Exchange, the CCTX.
The CCTX is a pan-Canadian, member-based, not-for-profit organization focused on enabling Canadian companies to build cyber-resilience through collaboration. We represent 170 members across 15 sectors. We were founded by some of Canada's largest companies, but our mission is to enable organizations of all sizes to reduce financial and operational risk through access to relevant and timely threat intelligence. Members choose to participate, because they recognize that being aware of the cyber-threat environment and its ever-changing landscape is the first step to ensuring the cyber-resilience of their organizations.
As Canada's Minister of National Defence recently said, “Cyber security is one of the most serious economic and national security challenges we face.” As you know, cyber-threats are becoming more sophisticated and are increasingly pervasive. Driven by the growth and global adoption of innovative technologies, cybercrime pays. Who does it pay? Cyber-threat actors can be grouped into roughly a couple of categories: nation-states who are conducting espionage and statecraft through the Internet, and criminals who are engaging in cybercrime for financial gain.
It's this criminal element that has commercialized cybercrime. It's now an industry unto itself. It's an industry where the barriers to entry are lower than ever. Technical expertise is no longer a requirement. Cryptocurrency makes collecting your fee easier, and the chances of getting caught are low. Several countries allow cybercriminal groups to operate within their borders, but we also have hacktivists, cyber-attackers designed to target social injustice, and the ever-present insider threat.
The ongoing geopolitical tension in Russia and Ukraine has created an opportunity for an increase in hacktivism and criminal activity. The threat actors are targeting critical infrastructure on both sides, taking down banking websites and disrupting government service. The Conti criminal organization is acting in support of Russia. Anonymous claims to be waging a cyberwar on Putin. Network Battalion 65 stole and used Conti's code to lock up files inside government-connected Russian companies.
Canadian organizations have been following events unfolding in Ukraine and are operating under a heightened sense of alert. CCTX members, in collaboration with the Canadian centre for cybersecurity, are working to ensure that Canadian businesses can better defend themselves from these attackers.
This is a good example of public-private partnership in action. Through the CCTX, the cyber centre has the opportunity to disseminate information to businesses of all sizes in all sectors. We can then enable our members to collaborate, leverage and use that information in a meaningful way, but collaboration is more than sharing threat information. It's professionals sharing best practices and working together on cyber-problems that are impossible to undertake within a single organization or sector.
It's engaging with others to improve your cyber-resilience—the resilience of your supply chain, your customers and the Canadian economy. It's an effective way to expand your team's capacity, which is increasingly important in an economy where there are 25,000 open positions. According to CIRA, 25% of organizations have reported a data breach, and the attacks aren't stopping.
What more can be done? The government can make sharing easier for many organizations by the simple act of creating “safe harbour” legislation, laws designed to encourage businesses and organizations to voluntarily share information by protecting them from legal repercussions, sharing beyond statutory requirements. You can also enable more companies to join a collaboration organization by making membership as an ITB—anything to encourage sharing information.
Collaborating on cyber-threats and building our collective resilience are critical to prevent, detect and contain cyber-attacks in the private sector. Our success increases significantly when we work together.
Thank you.