The Canadian government must take a more active role in setting standards and creating a culture of transparency around IT security, Canadian Advanced Technology Alliance says. A CATA survey of 300 firms shows an industry that is closing the traditional divide between IT security and its physical
counterpart. IT security also shows surprising strength despite the industry-wide slump: 85 per cent of respondents said their business has increased this year.
“”There’s been a crisis, but not as big as the rest of the IT sector,”” said Jean-Guy Rens, a CATA executive director who complemented the survey with a series of one-on-one interviews.
Rens says the government should encourage enterprises to report security breaches as a general good business practice. It’s becoming an obligation in the U.S.
Craig Heldson, national principal with IBM Canada’s security and privacy testing group, points to a recent law in California requiring companies to notify all their customers when security has been compromised.
“”How are you going to notify three million people?”” he says. “”The postage alone will kill you.””
Nevertheless, Canada is likely to move in a similar direction, Heldson says, so businesses should start reporting incidents now.
Bank of Montreal chief information security officer Robert Garigue agrees. He says transparency is a credibility issue. And while government-mandated security audits could prove expensive, they’re necessary. “”What kind of plane would you like to fly on — a regulated one or an unregulated one?”” Garigue asks.