Cybersecurity framework still not finalised after 3 years

Founded in 1941, CBC News is Canada's publicly owned news and information service. CBC News is rooted in every region of the country and reports on Canada and the world to provide a Canadian perspective on news and current affairs.

On the 23rd of June, our CEO and founder Ajay Unni spoke with Canada's national public broadcaster (CBC) about the importance of adopting a cybersecurity framework following a devastating cyberattack that sent the local healthcare system into chaos.

Read Ajay’s contribution to the article below, and read the full article as published in the CBC News here.

'3 years is a fair amount of time'

Cybersecurity expert and author Mark Sangster says frameworks like the one referenced by NLCHI try to encompass all aspects of a cybersecurity program to identify what specific controls and policies need to be in place, and how to measure whether they are effective.

He acknowledged that a lot of resources and efforts would have been diverted during the pandemic.

"That said, from a cybersecurity perspective, three years is a fair amount of time," said Sangster, who is chief strategy officer at Adlumin, a company that provides cybersecurity solutions.

CBC News provided Sangster with more than 200 pages of heavily redacted internal NLCHI documents, obtained through an access-to-information request, for him to review.

He said the overall framework appears to show a comprehensive model, based on what he would consider to be best practices.

"Because of the redacted information, it's tough to know where they are on that journey, how much has been implemented and hasn't," he said.

Ajay Unni, founder and CEO of Australian cybersecurity firm StickmanCyber, said there are well-established frameworks globally available.

Unni wondered why officials in this province wouldn't have simply adopted one of them.

He said three years is an "alarming" length of time to complete work on the framework.

"The whole world operated quite efficiently during COVID," Unni said. "I can't comprehend a reason why it couldn't have been finalized." 

In addition to running his company, Unni was a member of the cybersecurity task force created by the state government of New South Wales in 2020. 

Similar posts


Optus has been hit with a major cyber attack

In today’s world businesses around the world as well as in Australia, face increasingly sophisticated and innovative cybercriminals targeting what matters most to them; their money, data and reputation. Download our guide to learn everything you need to know about the Optus Data Breach, as well as the nine steps every business around the world and in Australia needs to take to avoid being next.