Video Presentation

Cyberstats Challenge: Canadian Businesses and Cybercrime

Ayeleso Emmanuel Celestine and Parsa Vafaie from the University of Ottawa presented their analysis of data from the Statistics Canada Cybercrime Survey at our 2019 Workshop in Ottawa. This was as part of a competition aiming to better align recent evidence and statistics with best practices for business. Participants thoroughly examined the data from Statistics …

Cyberstats Challenge: No Industry is safe from Ransomware

Mahreen Naisir, Fahan Mahmood and Vipul Malhortra from the University of Windsor presented their analysis of data from the Statistics Canada Cybercrime Survey at our 2019 Workshop in Ottawa. This was as part of a competition aiming to better align recent evidence and statistics with best practices for business. Participants thoroughly examined the data from …

Interrogating Best Practices in Secure Operations and Development

Security operations and secure development are critical requirements that receive significant personnel, resources, training and other kinds of attention. As best practices proliferate, there has been little empirical research as to which are most effective and why. In this talk, I will review recent empirical studies that examine in depth the utility of threat modeling, …

Evidence Based Cybersecurity and its Relevance for Guiding Security Experts’, Law enforcement agencies’ and Policy Makers’ Efforts in Cyberspace

Evidence based cybersecurity is an approach aiming to support security professionals’ and policy makers’ decision-making processes regarding the deployment of security policies and tools, by calling for rigorous scientific investigations of the effectiveness of these policies and tools in achieving their goals in the wild. This approach focuses on the human players who use cyberspace …

The Low-Tech Communications of High-Tech Financial Fraudsters

Much case has been made of the use of sophisticated anonymity tools by financial fraudsters that hack financial institutions and steal personal and financial information. Our past research has shown that these technologies were used to protect the fraudsters’ privacy and to facilitate their attacks against financial institutions. Our latest interactions and analysis of the …

Improving Cybersecurity Through Private Insurance?

While dealing with interconnected and global risks, the cyber-insurance market is intensely growing. This market is a creature of privacy and data security regulations, and mandatory breach notifications have shaped its business model. Market stakeholders suggest that cyber-insurance provides incentives and resources to insured organizations for improving cybersecurity. This presentation seeks to empirically test this …

Rotten Supplies – Supply Chain Attack Case Studies

We have seen an increase in supply chain attacks in the past few years. Some of these attacks have something in common: they involve a compromised Linux server to distribute malware or act as C&C server. This presentation will use real world case studies: the Transmission BitTorrent client distributing OSX/Keydnap; the M.E. Doc compromise responsible …

Digital Campaign Threats in Canada: Party Responses in an Age of Disinformation

This presentation reported on results from the examination of interference using disinformation through digital platforms. Its methods relied on media monitoring (both traditional media and social media) and interviews with party strategists. The aim was to detail the main instances of disinformation and other digital threats, and to analyze how each of the major parties …

Policy Frameworks for Election Cyber-Security in Canada

Compelling evidence of foreign cyber-interference in the 2016 US Presidential election campaign has prompted a robust policy response in Canada at the federal level. This presentation will review legislative changes, the critical incident contingency plan, and initiatives to promote voters’ resiliency, and offer an early evaluation of their implementation in the 2019 campaign. About the …