Khoury says the two countries have become essential partners in fortifying the continent’s cyber defences, a collaboration he expects will only continue to grow.
But in a world of ransomware, foreign interference and hostile nation-states, he worries that citizens and businesses alike aren’t taking the danger seriously.
Khoury says the only thing that keeps him up at night is the risk of the Cyber Centre’s alerts and advice being disregarded, due to cost or apathy.
He says reports often show that years-old software vulnerabilities are still being exploited, a sign that computer systems aren’t being updated.
“It’s important that people look at that in a serious manner,” Khoury said in an interview.
“I know that sometimes updating a system can be costly, but the flip side of that is not updating it opens you up to a vulnerability that might cost you more than just updating the system.”
Small and medium-sized businesses are at particular risk, especially as larger, high-profile companies—especially those that operate critical infrastructure—gradually fortify their defences.
“They’re small, they’re medium, but they play an important role in society, and it’s important they take cybersecurity seriously,” Khoury said.
“In many cases, these cybercriminals will go wherever they can find an opportunity. And if they see an opportunity in exploiting your networks or your operations, they will not hesitate.”
“It’s the same infrastructure on both sides of the border.”
The previous month, a leaked trove of Pentagon secrets included reports of hackers based in Russia that had successfully accessed Canada’s natural gas distribution network, although a specific company was not named.
And in 2021, with the world still in the throes of the COVID-19 pandemic, a ransomware attack effectively forced a six-day shutdown of the Colonial pipeline, triggering fuel shortages across the country.
Infrastructure systems have proven popular targets for hackers because of the often profound residual effects such attacks can have, as well as the tactical value of commercial intelligence, Khoury said.
In addition, cybercriminals working on behalf of nation-states are often keen to secure access to such systems not to wreak immediate havoc, but to lie in wait in the event of geopolitical developments that warrant an attack.
“The message has to be repeated,” Khoury said.
“We have to constantly push the message out that the threat is real, that companies have to take it seriously, that they have to build resilience and that they have to be vigilant about their networks and their activities.”