“Canada has entered a new era of cyber vulnerability.”
Those are the chilling first words of the introduction to Canada’s National Cyber Threat Assessment 2025-2026, released at the end of October. The report describes a world filled with complex threats and shadowy threat actors.
It’s a scary world – but one that Canadian cybersecurity firm ISA Cybersecurity understands well. Among their hundreds of customers
across Canada, ISA Cybersecurity serves some of the country’s largest financial institutions, educational institutions, healthcare facilities, and more. They help these organizations face emerging cyber threats head on.
Calgary.tech recently caught up with Syed Ahmed, Associate Director, Security Operations Centre at ISA Cybersecurity to learn more about today’s cybersecurity landscape. In a wide-ranging discussion, the 15-year veteran of the cybersecurity field shared some sobering statistics, real-life insights, and practical tips for helping organizations steer clear of a successful cyber attack. And spoiler alert: he talks about AI.
What is cyber crime? Who’s doing it, and who’s most at risk?
SA: Put simply, cyber crime is criminal activity targeting digital devices and data. While most often launched from outside an organization across the Internet, cyber crime can come from insider threats as well. Cyber crime can take many forms – from stealing information for resale, ransom, credit card fraud or identity theft, to unauthorized use of computer resources and disrupting operations for ransom or political motives.
Cyber criminals can range from disgruntled lone-wolf insiders with access to sensitive data, to well-organized cyber crime rings and state-sponsored attackers. Most cyber criminals are financially motivated, while others do it for fun or the challenge, for personal benefit, or to further a political or social agenda.
Organizations that have valuable assets or access to sensitive information are prime targets: just think about how much data financial institutions or government entities have under their supervision. Critical infrastructure and healthcare are the focus of many attacks because of their low tolerance for downtime. The education sector is often targeted as well because of the perception that schools may be easier to breach and hold for ransom than other organizations. In today’s hyper-connected digital world, anyone on the Internet runs the risk of being victimized unless they take appropriate steps to defend themselves.
Why is cyber crime on the rise? Are organizations and people not taking cybersecurity seriously enough?
SA: I think there are three key reasons why cyber crime is on the rise.
First, it’s easier than ever to get access to highly sophisticated hacking tools. With some nation-states providing financial support and safe harbour for cyber criminal operations, hacker groups have the means to launch attacks as well as offer ransomware “as a service”. What’s more, vast collections of stolen credentials are available for purchase on the dark web: according to the ReliaQuest Annual Cyber-Threat Report: 2024, there are more than 36 billion credentials posted on the dark web and criminal forums.
Second, a key driver behind the growth of cyber crime is AI. For example, AI tools can develop extremely realistic, highly targeted phishing emails that can fool victims. Additionally, AI has made it very easy for anyone to write a malicious script that can then be used for criminal activities. There are even open-source AI models that can be leveraged for a complete “How to” guide for these purposes. Once the hackers are in, they can further leverage AI to support their attacks and avoid detection.
The third reason is pretty simple: cyber crime is profitable. According to the two most recent FBI Internet Crime Reports, cyber criminals walked off with US$10.3B in 2022, and the losses increased to US$12.5B in 2023. (To be clear, these figures represent the reported amount of money stolen or extorted from U.S. victims. The total costs of global cyber crime are much higher in terms of lost productivity, recovery efforts, fines, and so on).
I believe that many people are taking cybersecurity seriously. There’s certainly awareness: for example, ISA Cybersecurity recently conducted a survey in which 95% of respondents said they’d be willing to use extra security measures to protect their financial accounts and personal information. It’s clear that some organizations are finding cybersecurity to be rather overwhelming too. Particularly if a company is just getting started with a security program, it can be difficult to decide where to begin making improvements. But a reactive approach can be costly: experience shows that companies that delay implementing robust security measures until after an attack occurs are asking for trouble. Consider the X-Force Threat Intelligence Index 2024 report from IBM Security, which noted that 84% of critical infrastructure incidents occurred where initial access vectors could have been mitigated with security best practices. Businesses and individuals alike have to realize that anyone can be a target; however, if they take care of the basics and maintain vigilance, they can ward off many attacks.
What are the top three things an organization should do to strengthen their cybersecurity posture?
SA: For quick wins, implementing strong authentication measures is an essential first step. According to Verizon’s 2024 Data Breach Investigations Report, abuse of stolen credentials is now tied with phishing scams as the most common method used by hackers to breach systems. Using long and strong, unique passwords for all accounts, implementing a password management system, and enabling multi-factor authentication (MFA) wherever possible can significantly reduce risk.
Second, supporting a strong security culture through security awareness training is critical. People are an organization’s first line of defense, so helping employees to be more vigilant can prevent a lot of problems. Human error is often the weakest link in security, so educating staff about phishing scams and social engineering tactics, and empowering them to report potential security threats will help prevent attacks, and mitigate the impact of an incident.
Finally, building a strong security infrastructure is vital. The basics of keeping software up to date with the latest patches, making sure endpoint detection and response (EDR) is in place, and maintaining secure, reliable and tested backups are in place are just the start. In many of the cyber incident response engagements I work on, these “table stakes” issues had not been addressed and led directly to harmful ransomware attacks and data breaches.
But let me be clear: a “top three” list will differ by organization, by industry sector, by size, and by cyber maturity. The most effective way of starting to improve an organization’s security posture is to consider a cyber threat assessment and a security gap assessment. These reviews will shed light on what’s most important for the organization to protect, what specific threats are out there that have to be mitigated, and will provide a prioritized list of cybersecurity improvements that need to be made.
How can organizations overcome obstacles, such as cost and complexity considerations, when it comes to cyber defenses?
SA: Given that resources tend to be tighter these days, a strategic, consolidated approach to cybersecurity is key. There are literally thousands of tools out there, and I’ve seen firsthand how some organizations have acquired a range of security applications and services over the years, only to have overlaps (and gaps) in their defenses. By streamlining security operations and reducing complexity, organizations can improve efficiency and effectiveness while managing costs. This involves conducting a thorough discovery exercise to understand the existing environment, eliminating redundant tools, and consolidating overlapping technologies. Looking to technology that can automate common tasks can be a real winner. In addition to reducing the burden on staff, faster recognition and response can reduce attacker dwell time and the costs associated with data breaches.
It’s also important to recognize that cybersecurity is a team sport. Look to share knowledge with other organizations in your sector, and leverage the assistance of service providers who have the experience and resources to help. Communication is vital. I have spoken with many IT professionals who find it difficult to secure funding for their security projects because they struggle to build a compelling business case for their management or shareholders. By positioning cybersecurity as both a risk mitigation strategy and a growth enabler, IT leaders can “sell” security projects to the financial decision makers.
Can you give an example of how your firm helps organizations address cybersecurity threats?
SA: ISA Cybersecurity has worked hard to develop a wide range of delivery models to allow organizations of all sizes to benefit from our experience and expertise. For larger or more complex organizations, we offer a wide range of services, from role-based consulting to help bridge cyber talent gaps, to our advisory practice that can help develop or refine their governance, compliance, and cyber strategies. For smaller organizations, our Infinity program offers hassle-free, affordable access to important foundational cybersecurity services. We offer 24×7 incident response service to support our customers in case of a cyber incident. And we provide an extensive range of managed security services to organizations of all sizes, giving them access to cyber expertise while reducing costs and taking admin headaches like staffing and round-the-clock monitoring off their plates. These managed services include SIEM, EDR, security awareness, vulnerability management, threat intelligence, dark web monitoring, zero trust, and more. All of this is supported by an extensive partner eco-system and network of consultants that I believe is second to none in the country.
How does your team stay updated with the rapidly evolving cybersecurity trends and technologies?
SA: Continuous learning and professional development is important in many fields, but particularly so in cybersecurity. Our team regularly pursues relevant certifications and keeps them up to date. Members of our staff frequently attend and present at cybersecurity conferences, webinars, and workshops to share information about the latest threats, technologies, and best practices. We participate in online courses and webinars offered by reputable organizations and cybersecurity experts; subscribe to cybersecurity newsletters, blogs, and podcasts; follow cybersecurity experts and organizations on social media platforms for real-time updates and insights; and encourage staff to join professional cybersecurity associations and forums to network with peers and share knowledge.
Some of our senior team members also engage in cyber exercises and competitions to practice responding to various attack scenarios in a controlled environment. Our team leverages threat intelligence services to stay abreast of emerging threats and vulnerabilities, and leverages our extensive partner network and relationship with academic institutions to share threat intelligence and best practices.
With the explosive growth in AI, how is AI affecting the cybersecurity field?
SA: AI is having a massive impact on the cybersecurity field. In just the last few years, AI has revolutionized how attackers are targeting businesses, and how organizations detect, analyze, and mitigate threats. More and more, cyber criminals are using AI to devise and launch increasingly complex attacks; to bypass cyber defenses and avoid detection; and to propagate their attacks more quickly once they’re inside a network.
Since the bad guys are using AI, it’s really important for organizations to leverage AI to enhance their cyber defenses to keep pace. For example, in the area of threat detection and response, AI has significantly improved the ability to detect and respond to cyber threats in real time. Traditional cybersecurity relied heavily on predefined rules and signatures, often reacting to attacks after they occurred. AI-powered systems can analyze vast amounts of data quickly, identifying patterns and anomalies that might indicate a potential threat, and filtering out false positives. Machine learning algorithms enable cybersecurity systems to adapt and learn from new data and emerging threats, continuously improving their efficacy over time, and can analyze user behavior and network patterns to detect anomalies that may indicate a security breach.
AI is automating many other cybersecurity processes too. Areas like vulnerability scanning, risk assessment, and incident response are seeing improvements through automation, saving organizations time and resources. AI is also enabling system monitoring and inspection of external network traffic at a much larger scale than human security experts, identifying suspicious activities more efficiently.
We’re seeing the difference when AI is used for defense. According to IBM Security’s Cost of a Data Breach Report 2024, organizations that extensively use security AI and automation were able to identify and contain data breaches nearly 100 days faster on average than organizations that didn’t use these technologies at all. This leads directly to reduced costs, as organizations that extensively use security AI and automation had average costs US$1.88 million lower than those that didn’t.
Looking ahead, what emerging trends, technologies or threats do you project will shape the future of cybersecurity in Canada?
SA: The continued expansion of cloud computing and IoT is broadening the attack surface for many organizations, making robust security measures more important than ever. As cyber criminals use techniques that are more and more sophisticated, ransomware attacks are evolving and becoming more targeted. As we settle into permanent remote and hybrid work arrangements, identity access management (IAM) will need to be a focal point for security programs. We’ve seen that credential abuse is a growing trend, so IAM, the principles of least privilege, and zero-trust architectures should be top of mind for everyone.
I see a trend toward increased collaboration among governments and private enterprise to help prioritize cybersecurity resilience, invest in advanced threat detection and response capabilities, and foster a culture of continuous learning and adaptation to stay ahead of evolving cyber threats.
And there’s no doubt that AI will continue to have a huge impact on cybersecurity for the foreseeable future. It’s creating both new attack vectors as well as new defensive capabilities, and is creating new challenges for organizations in terms of data governance, IT policy, and ethics. Now is the time to be prepared.
Leave a Reply