Published on November 16th, 2022 📆 | 3447 Views ⚑
0U.S. ranks fourth, Canada fifth on cybersecurity scale
Canada ranks fifth among 20 countries in its preparation for and response to cybersecurity threats, according to a standard created by an academic journal and a security vendor.
The Cyber Defence Index, created by MIT Technology Review Insights and sponsored by Code42, gave Canada an average score of 6.94, behind the United States (7.13) and ahead of Poland (6.91).
The leader was Australia (7.83), followed by the Netherlands, South Korea and the U.S.. The U.K., France, Japan, and Switzerland rounded out the top 10. Brazil, Turkey and Indonesia were last.
The difference between first-place Australia and third-place South Korea was only 0.42 points.
The subjective scoring rated nations according to how well institutions have adopted technology and digital practices to be resilient against cyberattacks, and how well their policy frameworks promote cybersecure digital transactions.
The scoring system included what the researchers called âin-depth secondary research and analysisâ (secondary information would be, for example, from national policy and regulatory data) along with primary survey data â such as the U.N.âs Global Cybersecurity Index â and interviews with global cybersecurity professionals, technology developers, analysts, and policymakers.
The research was conducted between April and September.
However, the scoring didnât count reported data breaches. In September, first-place Australia suffered a hack of Optus, the countryâs second-largest mobile provider. This month, a ransomware gang suspected of being from Russia apparently copied data on 10 million customers of Australian healthcare provider Medibank.
Australiaâs first-place score âreflects its efforts to make robust digital infrastructure widely available,â the report says. âThe Australian government is applying digital tools and regulatory frameworks to safeguard personal data and digital transactions. It committed to an overhaul of cybersecurity laws, pledging to shelve a previous roadmap. Public urgency rose after the recent hack of Optus.â
While the scoring rated countries by the perceived robustness and the relative security of their critical infrastructure, it also considered their cybersecurity commitments, data privacy legislation, and other factors
For example, the report says Germany was ranked 13th because it has one of Europeâs lowest e-participation scores, due to low adoption in its small-to-medium-sized enterprises (SMEs), its slow digital service delivery, and its dearth of IT talent.
Another factor considered was the willingness of governments to use artificial intelligence to deliver public services.
The ratings were broken into four categories, which were given weights to get each countryâs final score: Critical infrastructure (30 per cent of the score), cybersecurity resources (35 per cent), organizational capacity (20 per cent) and policy commitment (15 per cent).
Canada scored 6.45 on critical infrastructure, 7.12 on cybersecurity resources, 7.29 on organizational capacity and 7.04 on policy commitment.
The U.S. scored 7.49 on critical infrastructure, 7.9 on cybersecurity resources, 6.0 on organizational capacity and 6.14 on policy commitment.
Canada didnât rank in the top five countries in either critical infrastructure or cybersecurity resources. It did rank third in organizational capacity, and fourth in policy commitment. The position in this category may have reflected the federal governmentâs proposed cybersecurity legislation, demands on Rogers Communications after a huge network outage, and the proposed updating of the private-sector privacy law.
Many of the worldâs efforts to harden critical infrastructure focused on creating secure and tamperproof digital identities, the report notes. âThis proved difficult even in the most advanced economies,â it added. For example, it points out that while Canada established the Pan-Canadian Trust Framework to promote the creation of digital IDs in 2020, the Digital ID and Authentication Council of Canada (DIACC) has not been able to develop a national digital identification system, and most provincial governments are still only in the
planning stages.
Related content: Canadian privacy commissioners on digital ID
The report notes that despite growing cybersecurity awareness and knowledge, there is a gap between maintaining rigorous operational discipline and being truly secure. âThe future of cyberdefense depends on the collective capabilities of its organizations and institutions
to continuously assess new data,â it says.
âComplete data â about the systems involved in cyberattacks, frequency of attacks, information about the attackers, actions by the companies including any errors made, losses and expected losses, and other sophisticated data â is needed to create a new, secure, and rigorous operational discipline,â says the report.
However, it adds, some companies â like banks â wonât divulge even basic data, fearing legal liability issues.
Gloss