Skip to content

Entry Level Cybersecurity Jobs Paying More than Entry Level Lawyers

While this headline might be salacious to some, it’s reality. By 2021 there will be a global shortage of cybersecurity professionals that is estimated to reach 3.5 million. This is significant in that cybercrime is also increasing and shows no sign of slowing down. As a result, if you graduate with a degree that you can leverage for a cybersecurity job, you will be paid as much or more than an entry level lawyer.

To discuss the global labour shortage, I recently had the pleasure of interviewing Steve Morgan of Cybersecurity Ventures, the world’s leading researcher and publisher covering the global cyber economy — and a trusted source for cybersecurity facts, figures, and statistics. We had a great conversation and this blog is part one of a two-part series.

MacLean: Steve, thank you for taking the time to talk to me today. I know how passionate you are about sharing information so let’s get started. As we know, cybercrime is not going away, it’s only increasing.  What concerns you most about the global labour shortage?


Steve Morgan, Cybersecurity Ventures

Morgan: What troubles me most is unlike some specific cyber threats that we see, I don’t really see an answer or solution for the workforce shortage. Situationally we hear vendors speak to certain market sectors such as Artificial Intelligence and technology as the solution. Every vendor speaks to technology being the solution for the workforce shortage, but it is not helping. We are still behind the eight ball and it’s getting worse. People need to think differently for the solution.

MacLean: Your research shows that cybercrime is predicted to reach $6 trillion by 2021. How do we help get the message out that there are tremendous opportunities for people in this sector?

Morgan: Cybercrime is an epidemic that is getting larger and larger every year. Black hat hackers are getting better and they have no rules. The unemployment rate for cyber sits at zero percent right now. I think that some of the issues arise from people not being informed. Quite frankly schools are not informed. Raytheon did a study in the US that stated that two thirds of students have never been spoken to by a parent or a school about cybersecurity. This is concerning.

MacLean: Do you think this has a lot to do with people not understanding the issues and/or the fact that they may not be able to articulate the complexities of cybersecurity?

Morgan: Absolutely! When you go out to dinner with people and start talking about cybersecurity, you just lose them. They have a very, very general knowledge of computer science and what kids might be looking at jobs for graduation. In terms of cybersecurity however, they just don’t get it and they, themselves are at risk on their own media as they don’t realize just how at risk they are. In general the industry, media and others have not done a good job at articulating the issues.


MacLean: So, you raise an excellent point. We – as a collective in the industry – need to develop educational messages for the average consumer. We need to educate parents so they are better informed. Are parents the best point of contact?

Morgan: Parents aren’t the only point of contact, but they are an important one for young kids. They speak to their kids about what they are struggling with or what excites them. And most parents, not having the foundation of knowledge, would likely give their kids a blank stare if asked about careers in cybersecurity.

MacLean: Your website provides a wealth of information. It really is a wonderful resource for educators, marketers, journalists, etc. to use. Is there any issue with people sharing your content?

Morgan: Absolutely not. We want to educate the market. We make it easy to access the information and to share it. When quoting our research, Cybersecurity Ventures should also be cited as the source — and we recommend a hyperlink for the benefit of readers.

MacLean: What other ways can we reach kids?

Morgan: A few months ago I saw something that can really make a big difference and can reach moms – not that dads aren’t important – it’s just that moms spend more time with their kids. Palo Alto Networks signed an agreement with the Girl Scouts of America. It is a well thought out strategy that gets girls focused on cybersecurity.  This of course directly gets the girls thinking and learning about cybersecurity and the key is, it involves the mothers. This won’t work without the mothers being involved. I thought it was brilliant. We need to reach those kids in the US and really around the world. We need kids leaving the 11th and 12th grade thinking about this field.

There’s no doubt that we need to change the dialogue and provide more information so that we can overcome the global shortage of cybersecurity professionals.  This is not something that can be done in isolation. We must work together.

To learn more about how TaylorMade Solutions can help you collaborate, contact us today.

[Editor’s Note: a version of this blog previously appeared on the CyberNB Blog.


Sears Passing Triggers Longing for Family & Traditions


[Editor’s note: I wrote this piece just before Christmas 2017 and since this time my family lost a father, brother and uncle. Image: My Uncles and Me.]

Sears has been around for my entire life. My first experiences with Sears was a catalogue store. In my small town we didn’t have a full blown store. Of course when travelling to larger centres, it was always a treat to go into a real Sears store. And, of course when I moved to New Brunswick’s capital city, we had our own Sears store. Over the years it grew from a respectful mid-sized store to an anchor store.

About a week ago I decided to see what sales I might take advantage of. It wasn’t the first time I was in the store since the news of its demise was made official. This time however, it was different. It hit me like a ton of bricks. The store was now clearly emptying out. I didn’t really notice it in the clothing section, except for the unusual groupings, but the rest of the store was, for the lack of a better word – barren. I actually stopped dead in my tracks and looked at the store with surprise.

I watched as people moved with skill and purpose as they sought out the best deals. It really did hit me. It was like a wave washed over my entire body. I am not trying to be dramatic here, I just couldn’t help but feel very sad – profoundly sad. It wasn’t a reaction I expected for a store closing. I knew for some time that they were struggling. No, there was clearly more to this reaction than I realized.

After leaving the store, the feeling continued and I continued to ask myself, why? Why is this bothering me so much? Finally it hit me. It had nothing to do with Sears, or it’s closing. It was just the trigger. You see at the core of things I am a traditionalist. There are many things that mean the world to me – family being at the core of what matters most. And this is why memories are so important to me. I have a lifetime of great memories that have been built with both time and by mostly accident. Pleasant accidents really! Maybe I wouldn’t have had this same reaction if it weren’t Christmas time. Maybe if this were in the summer, it would have been different. However, it isn’t summer.

The loss of something can hit home really more than we think. But really, it is not about losing a store. It’s about losing tradition. This last year has had more than my share of traditions and the memories associated with those traditions challenged. I have lost people who have played a significant role in my childhood memories. First it was my Aunt Penny. We lost her in early in the year…around Easter to be exact. She played a significant and positive role when my father died some 37 years ago. I can’t forget that. Then there was my former boss and mentor. His death was a shock to me. I knew he had some health issues, but always seemed to be someone who would live well beyond others. He was kind. He was someone that firmly believed in others. He took a chance on people because he believed everyone deserved more and better. His death still rocks me.

I now shift to present day and think about Christmas traditions. I think of my uncle Patrick who hosted the most wonderful family Christmas parties. All of the family and extended family would gather at his house. My great uncles and my mother and her sister and brother, Richard (the pre-war kids) would sing war songs and Christmas classics. It was really amazing to hear them harmonizing and singing so beautifully. I will never forget that. I also can’t forget the cousins gathering in the basement and one of the uncles, I won’t say who, giving the older cousins each a bottle of beer and a sip to us younger cousins. In that house there was a lot of love, laughter, similes and hopes for the future. It was wonderful.

On top of that Christmas memory is the fact that my uncle Patrick would call each of his nieces and nephews and do the most wonderful Santa Claus. It was brilliant and wonderful all in one. And, despite my brother telling me that there was no Santa when I was just four, I still looked forward to my call each year. I still wanted to believe  and clearly my uncle wanted me to believe. Perhaps my favourite memory was the Christmas Eve he was at my house. He used my father’s office phone to call me and because of that I almost did believe that Santa was real. You see I had come to believe it was my uncle Pat who was calling. But, how could he be at my house and call…could it be…could Santa be real…? I really wanted to believe; however, I did realize later that night that we had two phone lines in the house and before caller display of course it could be done. Despite this, I never let on. I wanted to believe in Santa and I wanted Patrick to believe that I believed.

As I grew and matured, my relationship with my uncle Patrick changed and evolved. I babysat his son and my cousin Mark for years. After that I came to appreciate many of the same things that Pat appreciated: art, antiques and family pieces. Over the last few years, Pat shared with me pieces from my family’s burial ground  that he was able to save when they had to make some cost saving changes. He passed along glasses that came from my father’s side of the family that he was able to secure from a tag sale. He also passed along some precious cups and saucers from his side, my mother’s side of the family. And just this past July he passed along two wall hangings from my Great-Grandmother’s house. He made me promise that I would never paint them. It wasn’t a hard promise to make. The pieces were perfect the way they are.

So, what has this all to do with Sears Canada ceasing operations? Well, a lot. You see, it is through Sears closing that I realized why the store closing has had such an impact. It’s not about retail. It’s about tradition. It’s about family. It’s about the fact that people who have always been there…whom I could count on…who have seen me grow and change are either no longer here, or won’t be in the near future. Stores will come and go, but people matter. Family matters. I don’t want to say goodbye to these important people in my life, but unfortunately it is not my choice.

So, for those who have impacted my life in so many positive ways, I say I love you and know that your love mattered to me and to all of our family. And, I am in part who I am today because of your contribution to childhood and my adulthood.

Intel’s Security Flaw Puts Spotlight on Security by Design

Intel, Heather-Anne MacLean

Well, 2018 is starting off with a significant cybersecurity and privacy hit. Intel Corporation just confirmed Wednesday of this week that flaws in the Intel processor could leave computers – around the world – open to vulnerabilities. As the largest chipmaker in the world, computers – and not just PCs – are now exposed, and this quite frankly puts a spotlight on security by design.

Security by design is something that consumers should be concerned about. We should demand it actually. But, what is security by design? Using a simple definition from TechTarget, it is “an approach to software and hardware development that seeks to make systems as free of vulnerabilities and impervious to attack as possible through such measures as continuous testing, authentication safeguards and adherence to best programming practices.” In addition to security by design, privacy by design should also be included and with the previous definition, privacy by design should be pretty easy to figure out.

Security and privacy by design are two minimum standards that consumers should be asking about and confirming that they are being fully implemented by the companies from whom they purchase products. After all, once a consumer is compromised the level of damage can range from embarrassing to fully destroying one’s life. For example, it could be someone getting access to your social media and taking it over and posting pornography. Or, it could be someone getting access to all your credit card information and then using the information to spoof you and to get many more credit cards in your name and thus ruining your credit and leaving you with thousands or tens of thousands of dollars of debt. It can also mean someone getting access to all your personal information, including all your health records and in addition to getting credit cards in your name, posting all your medical history online and on your own social media for the whole world to see.

Security and privacy by design are not new. People have been talking about these principles for years; but the kicker is that there is no legislated requirement to ensure that companies adopt these principles and build them into their standards and operations.

This Intel discovery should really be a warning and wake-up call globally. With Artificial Intelligence (AI) and the Internet of Things (IoT) becoming more and more entrenched in our daily lives, security by design and privacy by design must become the standard and be baked-in at the start of the design process rather than just emerging after an “oops” discovery.

For those that don’t think that IoT is in their lives, think again. Do you have a mobile phone? How about a computer at home? Did you get a fancy new fridge for Christmas that can tell you when you are running low on milk? Or, how about the latest craze in home assistants such as Alexa or Google Home – perhaps this was a new addition to your life? If you said yes to any of these, then you should definitely care about security by design and privacy by design.

So, once you have updated your computers with the patches sent out from your computer provider, let’s use the Intel incident to collectively start asking, no demanding, that all software and hardware providers implement – immediately – security and privacy by demand principles, protocols and standards! If consumers stand up for their rights and only support companies that adopt security and privacy by design, this will cause all companies to follow suit. Better yet, let’s legislate it and have severe penalties in place for those that don’t comply.

Want to learn more about how security and privacy by design impacts your marketing and communications? Connect with us.

The Unintended Consequences of Security Cameras: Children’s Privacy Breached

Privacy, TaylorMade Solutions

These days we can expect to be “on-camera” and recorded in most public places we frequent. Despite the fact that most of us don’t think twice about this, there are significant untended privacy consequences of security cameras that we should be very, very concerned about.

First and foremost there are at least five questions we should be asking:

  1. “Who” is actually recording/watching us?
  2. What are they recording/watching us for?
  3. How long are they retaining this information?
  4. Can they “legally” record us?
  5. And finally and perhaps the most concerning, “Are they live streaming?”

This final question really rose to the top of the list just last month.  Parents and school administrators were somewhat shocked to discover that a school in Cape Breton, Nova Scotia was “LIVE” streaming live video of kids in various school locations. Of course the intention was not to live stream, but unfortunately inadequate protocols where in place and this meant that firewalls were not in place. The result, images of kids were able to be live streamed for months.

In fact, the images had been live streaming for some time. Equally disturbing is the message that was displayed with the video. “Change Password” is clearly shown with the date and time of the video. The risk here of course was that some bad actor or actors could have taken control of the video system. Equally disturbing was the fact that inn some cases, the camera position and the ability to zoom could have been accessed and actually changed.

As a parent, you would have obvious concerns with this. School administrators would have these  same concerns, but you need to add the liability issues. And then the question is, who if anyone, is liable? And, should they be?

As someone who advocates for privacy, I have a whole host of concerns with video surveillance. They really are those questions I list above. We do have a right to know these things. Of course, there are very legitimate reasons for security surveillance. And please don’t get me wrong, I think that in the right circumstances, video surveillance is not only a necessity, but it is critical.

However, let’s break down some my questions above in a little more detail:

1. Who is recording us?

It’s true that we are being recored more than we think. In public spaces there should be an expectation that there could be some sort of video surveillance. This surveillance however, is meant to be a deterrent against crime or other less than other desired behaviour. For example, I am sitting in a coffee shot right now and I decided to take a quick look around and sure enough, there are two surveillance cameras that I can spot. They aren’t actively pointed at the seating area, but rather the cash and the access to the back room.

The key to this are the words “public spaces.” Street corners are public spaces. Shopping Mall hallways are public spaces. Schools may not fit the traditional definition of public spaces. While a public space, a school is not open for any random strange to enter and wonder through. Additionally, public but private spaces such as lorckerrooms, change rooms or washrooms are not truly public spaces.

An additional layer of complication is when children are involved. In these cases there does need to be extra precautions. There are many legal requirements when it comes to capturing images of children and how you use those images. In my business, I will not use a photo of a child, unless I have written confirmation from the parent(s) that I can. Live streaming children does not pass the smell test. In other words, if you are live stream children, make sure you have your legal requirements covered and most importantly protect the identity of the children!

2. What are they using this information for?  

Remember that when using surveillance cameras, the information collected should be done in such way that the minimum amount of information is captured.For example, there is an expectation in change rooms and washrooms that there would be no cameras. If using cameras for security at a banking machine for example, the camera should not capture images of people walking by on the street outside the bank.

Additionally important is the capturing of audio. This is yet another level of detail that impacts privacy. Capturing images is one thing, but capturing conversations is a real intrusion upon one’s privacy. Live streaming it takes it to a whole other level of violation of privacy.

People have a right to know that they are being recorded and signs should be posted. You see this in airports for example.

3. How long is the data kept?

As stated previously, if surveillance is recorded, the information captured should be such that it is not capturing more intelligence than what is needed. Additionally, keeping this information is not something that is meant to be indefinite. Organizations must look at retention schedules. These of course can vary, so it is important to set realistic timelines and to properly delete the files.

Laws do change over time and what you may be able to now, you might not be able to in the future. There is definitely a need to balance the rights of privacy of individuals while also collecting data that is needed to protect citizens. If you are using surveillance cameras, be sure to check with the applicable legislative and legal bodies for your region.

Want to learn more about privacy and how it impacts your marketing and communications? Connect with us.

Blue Spurs and the Internet of Things Case Study

Heather-Anne MacLean, TaylorMade Solutions

[Editor’s Note: This post previously appeared on the CyberNB blog]

We all interact with the Internet of Things (IoT) every day. Our kids interact with the IoT every day. Everything from our mobile phones to our smartwatches to the devices used to heat and cool our homes are connected to the IoT.

Despite connecting with it every day, many of us still don’t really know what it is.

Like cybersecurity, the IoT is one of the fastest-growing sectors of our economy. To put it in perspective, Ericsson has predicted that there will be 28 billion internet-connected devices by 2021. IoT is a natural tie-in with cybersecurity which makes this case study and interesting connection to educating our students and growing the talent pipeline.

Most importantly, it’s essential for our students to learn about IoT and the job possibilities it brings. To help students learn about its full potential Canadian-based Blue Spurs has created the Blue Kit, a creative, low-code product that teaches students about IoT.

For a complete look at Blue Spurs and how this award-winning Blue Kit evolved download the case study.


The Sunday Brief for Sunday August 20, 2017

The Sunday Brief

For this Sunday Brief I am focusing on the top blogs I enjoyed about privacy. As this is a growing issue, all MarComm Practitioners and business owners should be placing more priority on privacy. In fact, in the industry we say that you should be baking-in privacy planning (as well as cybersecurity) from the very beginning. So, with that in mind, let’s check out the latest Sunday Brief:

Dark Reading

This blog always has insightful information. This time, I am focusing on a post by Kelly Sheridan. The post is entitled 50% of Ex-Employees Can Still Access Corporate Apps. From a privacy and security perspective, this is a disaster waiting to happen. As Sheridan points out, the value of data is significant and the probability of a data breach is much higher when you fail to do one of the number one – and easiest things – to protect your client data – disable access. This is a great read and a ‘must-do’ practice for all organizations.

 IT Security Guru

I find this article really fascinating. I work hard to keep my work and personal lives separate. I have always maintained two phones – one for my personal “stuff” and one exclusively for my work. So, when I saw “Employees rate mobile privacy highly, as less than half prefer to keep work and personal lives separate,” I was somewhat surprised that less than half want to keep their personal lives separate and distinct from their work lives. This blog post was written by Dan Raywood.

Interestingly enough more than 84 per cent of employees rate privacy as a top three concern. However, there is a clear lack of trust in the ability of their employer to manage their mobile security and privacy. That is pretty significant.

This is article is very interesting to me in terms of the lack of trust that exists and secondly that so many people aren’t concerned about keeping their private lives separate from their employers. The two concepts don’t seem to align.

BH Consulting 

This particular entitled Doing privacy ‘rights’ vs doing privacy ‘right’ by Valerie Lyons gives an interesting look at privacy and different roles that individuals, government industry play.


All three blogs are a great read. I encourage you to check them out if you are interested in privacy-related topics. And if you are looking for MarComm support for your organization, reach out to us at TaylorMade Solutions.


Three Cybersecurity Lessons from the Internet Outage in Eastern Canada

cybersecurity, bell

If you were in Eastern Canada or trying to connect with someone in the region for work or pleasure on August 4th, you might not have succeeded for a period of three hours or so. While this event was NOT tied to a cybersecurity breech or issue, there are three cybersecurity lessons that we can learn from the Internet Outage in Eastern Canada.

One service provider, Bell, confirmed this week that it was a perfect storm of the work of construction crews -unrelated to Bell’s operations – not checking for cables prior to digging that resulted in service to internet, mobile and landlines being impacted. This outage also impacted emergency services in much of Atlantic Canada. (Another good reminder for construction crews to call before you dig.) Bell’s customers were not the only ones affected. Telus, Koodo and Virgin customers also had interrupted services. Thankfully they took action quickly and remedied the situation as quickly as possible.

So, other than an extreme inconvenience to customers, there are some observations we can make from this experience. This outage can really help people think what would happen if there was a major cybersecurity attack in Canada. This is something good to come out of this outage – getting people thinking about what-if scenarios.

1.  Our Economy Depends on the Internet

I feel like this should be a no brainer, but at the same time I do want to reinforce this thought. We typically have such reliable internet services that we don’t give it a second thought. If anything, this outage should have really pounded home the fact that a cyberattack could not only have the same affect, but the likely hood that it would only last a few hours, is slim to nil. The affects would be long-lasting.

This outage impacted not just consumers of these service providers, but businesses in general. If your business relies on the internet for online sales or providing support services, your customers, regardless of where they are located were not able to purchase your products or services for hours. They also were not able to get online support services from you. If they went old school and tried to call you, they were also out of luck. In some cases, this might be enough for potential customers to go to your competitors.

What if you were delivering online training to customers around the globe on that fateful Friday? People who had paid and signed up weeks prior were then either dumped from the online course and/or could not sign-in.

Finally, this was a long weekend in Canada. Imagine people travelling and wanting to make last minute hotel accommodations. What happens when they can’t get through to you? Or, what happens when their car breaks down on a highway somewhere and they can’t use their phone for hours to call for help? This was the middle of summer and warm. What would happen if this was the middle of January in Eastern Canada?

These are all very real scenarios that could happen as a result of a cybersecurity attack.

2. Our Safety Depends on a Safe and Resilient Internet

I am fairly certain there were people who dialled 911 or other emergency service numbers on the 4th that were quite alarmed when they could not actually reach help. Whether it is hours or minutes, time matters in an emergency!

3. Security and Privacy, Backup Systems and Processes Must be Baked-In at the Beginning of all Systems

We must never underestimate security, privacy, backup systems and processes being what we call “baked-in” at the beginning of any system development. All new systems must be created with these critical elements a part of the planning, development and execution process.

It is critical to note that this has not always been the case. It’s not that it was left out intentionally, but older systems could have been built at a time when cybersecurity breaches were not the reality. That being said, it is very much our reality now. As a result, all businesses and governments must now revisit and update their systems to ensure that these critical elements are baked-in going forward.

Eastern Canada has been fortunate to have good systems in place run by leading companies. This outage however, was definitely – or should definitely be – a wake-up call for us all to revisit cybersecurity measures to ensure that we protect our citizens and our economy. After all, we need a safe and resilient internet in order to operate our businesses, our emergency services and live life the way we have all become accustomed too.

Cybersecurity is a critical issue that we all face now. If you are interested in learning more about communications protocols around cybersecurity and privacy breeches, get in touch with us.

Four Reasons You Should Have Cybersecurity Insurance

cybersecurity, cyber security

Do you have insurance on your house? Of course you do. So, the question is why wouldn’t you protect your business – your source of income – the same way you protect your home? Cybersecurity insurance won’t stop a breach. It will, however, help raise awareness and cover damages, should you be attacked.

Small or medium-sized business owners should check out these four reasons to have cybersecurity insurance.


Data breaches and other cybersecurity issues such as ransom are not typically covered in general liability insurance policies. It’s essential to understand what is, and what is not, covered in your policy.


The damage caused by a data breach will exceed the cost required to overhaul security procedures or replace lost or stolen laptops. Many business owners and managers fail to consider the costs over and above replacing tangible assets.

For example, the financial impact on corporate reputation could be devastating. Reputation costs range; it could be a few thousand dollars to build new processes and policies to reassure customers it won’t happen again. On a larger scale, it can result in stock prices dropping significantly. In worse case scenarios, approximately 60% of small businesses will cease operations within six months of a breach according to the U.S. National Cybersecurity Alliance.

A final cost consideration is the penalties rendered as a result of a data breach. Canada, like most jurisdictions, continues to modify its privacy regulations. It is anticipated that sometime this year, regulations requiring notifications of data breaches will be implemented in Canada. Fines of up to $100,000.00 could be issued.


Business owners and managers often fail to understand this important nuance. Just because you outsource IT, have another party host your data or use the cloud, does not remove your responsibility to protect personal data. You have collected the data, therefore, by law you hold the responsibility to protect it.


Risk management teams are reserved for larger organizations. They have bigger budgets and access to more resources for their overall operations. They look for, and assess, all types of risks, not just cybersecurity or data risks.

Smaller businesses have neither the budget nor the ability to have full-time risk management teams. Insurance providers typically have checklists or a minimum set of standards to follow for coverage. This is very similar to home insurance. If your insurance company recommends a new roof for example, and you don’t comply, don’t expect coverage if you have a major leak.

Cyber insurance is continuing to evolve as cybersecurity issues emerge. The one thing for sure, however, is that cybersecurity insurance can help protect your operation, your employees’ source of income and your client’s data.

Want to learn more about cybersecurity communications? Contact us at TaylorMade Solutions .

This blog post was previously posted on the CyberNB blog.

What Your Business Doesn’t Know About Cybercrime Will Hurt You

cybersecurity, cyber security, Heather-Anne MacLean

Cybercrime isn’t going away. In fact, it continues to grow. Cybersecurity Ventures predicts that cybercrime will cost the world in excess of $6 trillion annually by 2021. If that number doesn’t alarm you, the fact that 43% of attacks are focused on small business, and that 60% of small businesses attacked go out of business within six months, should.

In April, the Canadian Chamber of Commerce issued a report entitled: Cyber Security in Canada: Practical Solutions to a Growing Problem. This extensive report provides insight on the current cyber landscape, including business costs and business losses due to cybercrime. It also provides information on the growing role of cybersecurity insurance in protecting businesses. It also offers results from their important and timely research detailing significant gaps in five key areas. (Recommendations from the report are below):

  1. Technology;
  2. Public Relations;
  3. General Awareness;
  4. Legislative Requirements; and
  5. Insurance

This report is particularly interesting for small and medium enterprises (SMEs) because of the statistics above. “All companies are targets for cyberattack, and specific solutions change daily. Yet in many companies, there is a lack of ability to recognize these breaches. Today’s attacks are about the data, not the company or person, and they are designed to be invisible.

SMEs continue to believe risk does not apply to them because they believe criminals are targeting large enterprises. While this was certainly the case for a number of years, a shift that emerged beginning in 2013. Especially relevant and noted by Symantec in 2015, was 43% of Small Businesses were the focus of spear-phishing attacks versus 35% of large businesses.

One of the most significant and famous breaches–the Target attack–occurred as a result of a small business. It was an HVAC company working with the retail giant, which consequently had week security. A part of Target’s supply chain, they were ultimately breached and most probably unaware. This meant that criminals were able to breach Target. Three years later reports in the media detail how Target has agreed to pay $18.5 million to settle claims by 47 states and the District of Columbia. This is over and above the total cost of the data breach being $202 million. And what happened to the HVAC company? It went out of business.

Consequently, the Canadian Chamber of Commerce acknowledges in its report, SMEs know they have to do more. With 98 percent of Canada’s economy comprised of SMEs, taking steps to obtain cybersecurity certification, cybersecurity insurance, and more is not something that can be postponed any longer. “For most companies, data is now their most valuable asset. Our goal is to point business in the direction of finding a common sense approach to risk management to protect those assets,” notes Scott Smith, Director, Intellectual Property & Innovation Policy, Canadian Chamber of Commerce.


The Canadian Chamber of Commerce provides nine specific recommendations in this report that merit review and understanding to help mitigate cybercrime.

  1. Government cannot protect everything, but it does have pivotal responsibilities
  2. We need an outcome-based, systemic/cohesive approach and common model of understanding
  3. Develop a “Secure Canada” Approach
  4. Develop a National Cyber Policy Framework
  5. Adopt an Enterprise Risk Management Approach and Collaborate
  6. Increase Canadians’ Cyber Savviness
  7. Government endorsement and support for the deployment of Industry Certification
  8. Incentivize Security Innovations
  9. Both government and industry need to take a proactive approach to the inevitability of Quantum and develop a Quantum-ready Strategy.

For more information download Cyber Security in Canada: Practical Solutions to a Growing Problem.

This post previously appeared on the CyberNB Blog.

5 Things You Probably Didn’t Know About the Irish or Saint Patrick’s Day

TaylorMade Solutions (Canada)

Did you know that New Brunswick’s oldest City – Saint John – is known for its strong Irish roots and history? And for those ready to celebrate Saint Patrick’s Day, we thought we would share a few interesting tidbits with you. If you have more to add to the list, let us know!

1. According to The Irish Story, more than 150,000 immigrants flooded to Saint John between 1815 and 1867. That’s 150,000 people!

2. Following the Great Fire which levelled much of the city’s central peninsula on June 20th, 1877, Saint John was rebuilt almost exclusively by Irish labour.

3. St. Patrick wasn’t Irish and he wasn’t born in Ireland. Patrick’s parents were Roman citizens living in modern-day England, or more precisely in Scotland or Wales (scholars cannot agree on which). He was born in 385 AD. By that time, most Romans were Christians and the Christian religion was spreading rapidly across Europe.

4.The original colour associated with St. Patrick is blue, not green as commonly believed. In several artworks depicting the saint, he is shown wearing blue vestments. King Henry VIII used the Irish harp in gold on a blue flag to represent the country. Since that time, and possibly before, blue has been a popular colour to represent the country on flags, coats-of-arms, and even sports jerseys.

Green was associated with the country later, presumably because of the greenness of the countryside, which is so because Ireland receives plentiful rainfall. Today, the country is also referred to as the “Emerald Isle.”  

5. Corned beef and cabbage, a traditional Saint Patrick’s Day staple, doesn’t have anything to do with the grain corn. Instead, it’s a nod to the large grains of salt that were historically used to cure meats, which were also known as “corns.”

Now of course, this post is just for fun. If you are looking for help with your Marketing and Communications strategy, and specifically to be cybersecurity communications preparedness, connect with us. We can help.