The Cyber Review: North Korean Hackers, Canada Research Chair

February 5, 2021
Written by Farah

1. The Big 8: How to heighten cybersecurity governance

As cyber criminals continue to get savvy with attacks and exploitation, organizations and government agencies must implement effective cyber security strategies.

8 important steps to heighten cybersecurity governance:

  • Recognize that the worst case scenario has happened
  • Get the CISO to report to the CEO
  • Review internal cybersecurity policies
  • Confirm if processes and controls are bulletproof
  • Stay up to date on regulations
  • Increase IT budget funding
  • Create and regularly update an incident response plan
  • Communicate with customers and suppliers

2. North Korea targeted cybersecurity researchers using a blend of hacking and espionage

North Korean hackers attacked cybersecurity researchers by deceiving them through fake social media accounts and personas. The fake personas contacted researchers asking to collaborate by including content that would entice the researchers.

Since the pandemic, phishing has already been on the rise, now hackers are finding new ways to manipulate people who are working from home. This attack was at a higher level because it targeted people who are in cybersecurity and have the knowledge.

3 trends from North Korean operations:

  • Stealing cyber weapons from the industry
  • Weaponization of social media
  • Blurring of cyber and information warfare

3. Let’s change the way we think about cybersecurity, legal expert says

Emily Laidlaw, University of Calgary’s Canada Research Chair in cybersecurity law says so many of our day-to-day activities are vulnerable to cybersecurity attacks and issues. Changing the way we think about cybersecurity, exploring systems of cybersecurity and models in Canada is needed especially with how fast technology is evolving.

“The law as it relates to cybersecurity is in disarray, which provides a really good opportunity for me to make a significant impact on this area of law. The approach I am taking is to start by looking at regulatory models — what are the trends in different governance approaches, and what do we learn from them about what is generally working and not working — which will shape the development of new forms of cybersecurity regulation.”