Shields Activated: Defining a Strategy for Canada’s Cybersecurity Future | TheFutureEconomy.ca

Shields Activated: Defining a Strategy for Canada’s Cybersecurity Future

CybersecurityStrategyTech
Claudette McGowan - Protexxa
Claudette McGowan
Founder and CEO
Protexxa
Published on

Cybersecurity has never been this complex, but we still have a clear opportunity to win.

The growth of generative AI, working from anywhere, and using multiple devices on unsecure connections means there’s a lot of risk out there. Unfortunately, Canada as a nation—and Canadians as people—are not immune, as we’ve seen in the news lately, with high-profile attacks hitting businesses, hospital systems, municipalities, and federal agencies. 

Canada is already doing some good work, and there’s more we can do to lead globally by taking decisive action.

Cyber in Canada: What We’re Doing Today

Stock trader team looking and analyzing stock data on laptop - Financial investment and technology concept

A cybersecurity ecosystem within a nation needs three pillars to thrive: 

  1. Motivated and intelligent individuals 
  2. Collaboration between individuals and across organizations and businesses
  3. Infrastructural engagement and action from government and large institutions


Canada has strengths and opportunities to improve in all three pillars. 

“We need to prioritize more cybersecurity-specific education, given the looming talent gap in the industry.”

As one of the most educated nations on earth, it’s no surprise that we have plenty of intelligent, hard-working people. That said, we need to prioritize more cybersecurity-specific education, given the looming talent gap in the industry. This can be good for ambitious individuals, too—cybersecurity is set to become one of the most in-demand, well-paying industries of the 21st century. 

In the business world, strength comes from collaboration. Executives across the country rightfully view their work as part business growth, part ecosystem safety. In my time leading cybersecurity and technology for a global bank, for example, we would diligently work to keep our customers safe but also let other organizations know if we discovered something that might impact them. I continue this work with my company Protexxa, where we not only use AI to keep our customers safe but collaborate with corporate partners, universities, and nonprofits to share knowledge that improves overall cybersecurity for everyone. 

Given this pragmatic business approach to cyber collaboration, it’s not surprising that Canada ranks third globally for organizational cybersecurity capacity in the MIT Technology Review’s Cyber Defense Index

There is also some great work being done at the government level to support individuals, for example, the Canadian Centre for Cybersecurity. Globally, Canada also ranks fifth overall and fourth in policy commitment to cybersecurity on the MIT Cyber Defense Index; this makes sense given our domestic and international policy agenda. 

“The Tortoise Global AI Index ranked Canada 23rd in cyber infrastructure investment, 11th in AI development, and seventh in commercialization. In contrast, the United States is ranked first in all of those categories.”

It’s not all roses, though. The Tortoise Global AI Index ranked Canada 23rd in cyber infrastructure investment, 11th in AI development, and seventh in commercialization. In contrast, the United States is ranked first in all of those categories. A further study conducted by Surfshark ranks Canada’s overall cybersecurity efforts at 32nd place globally, suggesting a significant opportunity to improve how we invest in cyber defenses.

We Need to Activate Our Shields 

Empowering Security: Cybersecurity Measures at Your Fingertips

It’s heartening to see millions of individuals taking cybersecurity seriously, both for themselves and in their capacity as business leaders. 

What’s necessary for our future is a coordinated national effort supported by significant infrastructure investment by governments, institutions, and organizations. For too long, cybersecurity has been underfunded and under-resourced, and some leaders don’t take the action we know is necessary. It’s time for that to change. 

When it comes to cybersecurity, I advocate for a “shields activated” mindset, which means two things. First, it means “assume breach”—don’t think that because you’re not visibly under attack, nothing could happen (or nothing is happening in the background). 

“A shield is a powerful defence. But it’s also a weapon in its own right.”

Second, it means “think offensively, not just defensively.” Yes, a shield is a powerful defense. But it’s also a weapon in its own right, a battle tactic made famous by the Ancient Greek “hoplites” who leveraged both shield and spear to successfully win battles. 

What Canada Can Do to Lead and Win in Cybersecurity

That “shields activated” mindset leads to a few key actions that Canada must take in order to lead and win in cybersecurity globally.

1. Individuals need to take steps to improve their cybersecurity protections

It’s easy for us to think we’re not really targets as regular, everyday individuals. However, you could be a target because of the company you work for, or, unfortunately, you could stumble into an attacker who sees a crime of opportunity.

All Canadians need to think about cyber safety in the same common-sense way we think about fire protection (“stop, drop, and roll”) or crossing the street (“look both ways first!”).

This looks like a few things:

  • Consider adding multi-factor authentication to your apps and logins
  • Change passwords (or passphrases) regularly and make them unique (avoid “tarzan1” becoming “tarzan123”)
  • Consider making your social media private or delay sharing details (e.g. don’t tag your exact location in real-time or share travel photos after you’ve already returned home)
  • Always lock your computer screen if you’re away from your desk (even at work!)
  • Be initially skeptical of large financial asks or people seeking private information—even if that’s the norm in your life—until you can verify it’s authentic
  • Use a VPN when surfing the web in public
  • Use code words for human verification to avoid impersonation scams


Individuals also face dual threats—attackers coming for their assets but also taking advantage of their position as employees. For example, one employee recently got duped by a CFO impersonation scam and paid out $25 million in company funds to the scammers

2. Business leaders need to get ready and stay ready

A “shields activated” mindset in business looks like

  • Understanding your device landscape: How many laptops are used by employees? What about wifi-enabled photocopiers in your offices? Or other IoT devices?
  • Understanding how your employees work: Are your employees in-office? Remote? Hybrid? Are they using a VPN? Over 90% of cyberattacks happen because of your people—you need to make sure you understand your people and the devices they use to work.
  • Planning for attacks: Create a preventative cybersecurity plan and an emergency response plan; then run fire drills where you practice those actions on a regular basis).
  • Run TTP (tactics, techniques, and procedures) analysis when another organization is cyber attacked: What happened? How did the hackers get in? Could the same thing have happened to you? What could you do now to ensure it doesn’t?
  • Keep security patches up to date: Never delay this. It could be the vulnerability a hacker uses to breach your systems.


When you know what your business’ cyber vulnerabilities truly look like, you can plan adequate defenses, training, and embed a culture of security into your organization. Knowing this insight also makes collaboration easier since knowing your own vulnerabilities makes it easier for you to both spot risks and respond if someone else notifies you of something coming up.

3. Industry needs to further promote a culture of sharing

Large enterprises have built a process for collaboration, but it’s time to expand that to include startups, nonprofits, mid-level businesses, and more. This is already starting, but there’s absolutely an opportunity for more trusted partnerships.


This key change comes because of how the new digital world functions. Increasingly, customers and employees of large enterprises are also customers of small businesses. Even if they aren’t for some reason, most individuals are connected to organizations of all sizes through our social networks. Increased interconnectedness makes cybersecurity all the more important, particularly as hackers are now targeting one organization to exploit the connections they have with other businesses.

4. Governments need to coordinate, align, and execute

What Canada truly needs from our government actors is to find a lane where we can excel and then prioritize it. For example, the United States is a global leader in putting out business-focused research—for example, the Verizon Threat Research Advisory Center. The European Union, on the other hand, has long been at the forefront of government action, as evidenced by the comprehensive list of Acts and Policies created in the past few years. 

“Senior leaders in every level of government need to prioritize cybersecurity as a national security issue, assigning budget and implementation resources.”

To find and execute on Canada’s unique lane, senior leaders in every level of government need to prioritize cybersecurity as a national security issue, assigning budget and implementation resources. We then have to more deeply understand how our global partners think about cybersecurity—both from a business and a policy perspective—and map out Canada’s approach, identifying if customization is necessary.

Part of this commitment should involve investments in cybersecurity infrastructure, something both multiple studies point out is lagging in Canada. That means governments should partner with academia and industry to develop new insights, policies, and tools that will keep everyone safe. Canada has some of the best research facilities in the world and we should take advantage of that.

Finally, when we have best practices (either global or home-grown), governments must commit to decisively acting on them. This means not only in government work, but also adjusting policy and incentives to align all stakeholders to the same mission of national cyber safety.

We Can Build a Cyber-Secure Canada

Canada winning in cybersecurity is an opportunity to not just protect what we have but also build wealth, bring more high-paying jobs to the country, and build lasting businesses that can define our economy in the 21st century.

But to access these benefits, we must take action and have a “shields activated” mindset to protect our critical infrastructure.

To start on that journey, we need to seriously ask ourselves where we want to be as a nation in ten years. Right now, we’re the fourth most targeted country for cyberattacks, according to the 2023 Blackberry Cybersecurity Global Threat Intelligence Report. In my view, this is one list where you never want to be in the top spot. 

Rather than just talk about avoiding attacks or acting defensively, we need to collaboratively define the future we want, identify the steps necessary to get there, and get to work.

In the end, we owe it to ourselves and future generations to take action. We are absolutely capable of it; we have the tools and we have partners globally. We simply need the courage to act.

See the Full Series
We use cookies to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies. Learn more about our cookies.