Cyber threats have been around as long as the Internet, but attacks have ramped up in the last few years, with the pandemic dramatically shifting more of our work—and our lives—online. Organizations also moved more of their operations to the cloud, creating a new potential liability.

Recent high-profile security breaches have crippled some of Canada’s largest companies such as Empire Foods, Indigo, and Maple Leaf Foods, with costly impacts to the tune of tens of millions of dollars. Organized crime and some nation states are getting better and better at breaching existing security. It’s up to Canada to leverage our talent, technology, and knowledge to turn those cybersecurity challenges into opportunities.

On this episode of Disruptors, an RBC Podcast, host John Stackhouse takes a deep dive into what is being done to fight cybercrime. Guests include Adam Evans, RBC’s Senior Vice-President & Chief Information Security Officer Michelle Zatlyn, founder, President, and COO of Cloudflare, and David Shipley, founder & CEO of Beauceron Security. What are the biggest risks to your data and what’s being done to keep it safe? Listen in to find out.

Show notes:

For more information about Cloudflare, check out their website. Click here to read about Beauceron Security. More information about RBC’s cybersecurity initiative can be found here.

John Stackhouse [00:00:01] Hi. Its John here. It’s only March and 2023 has been an incredible year for cyber attacks. In fact, the worst year on record. There are high profile security breaches that have caused serious damage to some of Canada’s largest companies, including Empire Foods, Indigo and Maple Leaf Foods, with costly impacts that are running into the millions of dollars. Cybersecurity has become an increasingly national security issue, too. And hackers are getting more and more sophisticated. We’re going to talk to some incredible leaders in the space. But before we get going, I wanted to turn to someone who knows more about cyber than almost anyone else I know. Adam Evans is RBC Senior Vice President and Chief Information Security Officer. Adam, welcome to the podcast. Thanks very much for having me, John. Adam As I noted in the intro, it’s been a year and we’re only in March. Give us a sense of the scale of what’s going on out there today. What I’ve certainly seen in the last few years, John, is what I would call the democratization or the commoditization of crime. What I mean by that is you’ve got threat actors that are operating in criminal undergrounds and they are commodities in criminal services. They’re offering up ransomware as a service breach, as a service malware, as a service, and they’re franchising out those services to other cybercriminals. So the sophistication required to execute an attack against an organization or an individual is obviously coming down. The barriers of entry into cybercrime are coming down. And at the same time, organizations like RBC or other businesses are digitizing and the bad guys are also digitizing. They’re leveraging things like machine learning and artificial intelligence and automation so they can attack organizations or individuals at scale. And to me, the last piece I should mention is that we as a society are putting more information than we ever have before online. So we’re creating this target rich environment. These guys can collect all this information at scale. They can tailor it as they set up their attacks against individuals or organizations, and that increases their success rates of successfully compromising an institution, a business, small, medium or large or an individual. So it’s sort of a perfect storm is brewing for certainly the cyber and in the underground marketplaces that they operate in. And yet, in spite of all those incredible threats, many firms are seeing security now as an asset. It’s a strength for organizations. Give us a bit of more sense of what’s going on there amongst those who are turning more to the offense, if I can put it that way. Yeah. So I think as we become more connected or interconnected and we’re doing more and more things online, we as individuals are taking an active role in our own security. How do we protect ourselves and our families? More online and organizations are going through the same thing. They’re becoming far more educated about how these threats unfold, the types of things that they are going to be managing as they operate their their businesses in this digital threat landscape. So as companies go through their digitization and we as individuals are becoming more interconnected, we need to make sure that we take an active role in how we protect ourselves. And obviously, the more knowledge we have about the cybersecurity landscape, the better off we are and the more secure we are. And that trust is now become an intrinsic part of the customer relationship with a business. Any business that you do transactions with and a bank is no different. So we are investing in educating not just our employees, but our clients and making sure that when they’re interacting with us as a bank, they’re doing it in the safest way possible. But hopefully they take those skills and that knowledge into their daily life and they’re able to protect themselves and their loved ones more effectively. I’ve heard you say, Adam, that were attacked every day, all day, which is daunting. Most organizations are going to have the resources to deal with that. What’s the future for them? So you’re starting to see more and more services that are available to businesses through, you know, the likes of the Microsofts of the world. So you can simplify some of your technology by allowing a company like the Microsoft with their cloud services to potentially give you some of that security inherently in the services that they provide to you. But I think it all comes down to risk. You have to understand the risk that you as a business own and operate. So you look at where your riskiest services or information assets are. You divert your resources to make sure that you’re protecting those resources from compromise, from inadvertent leakage. As you hire people into your organization and you educate them, they become the first line of defense. And it’s a very human centric security approach. What can we all be doing differently and doing better? Staying educated, I think is. The biggest thing is preparing for the when of it, not if it’s going to happen, it is going to happen. That’s a great point to wrap up on. Adam, thanks for being on disrupters. Thanks very much for having me. That was Adam Evans. RBC Senior Vice President and chief Information Security Officer, talking about cybersecurity during fraud prevention months. As we just heard, cybersecurity is getting closer to one’s core business, but it’s also creating a new set of challenges. It’s a risky new landscape, but with that, a large opportunity. This is Disruptors. An RBC podcast. I’m John Stackhouse. Joining us now is Michelle Zeitlin, a Saskatchewan born entrepreneur who is the CEO, co-founder and president of Cloudflare, a San Francisco based Internet infrastructure and security company. Cloudflare, among other things, blocks an average of 126 billion cyber threats every single day. Michelle, welcome to Disruptors.

Michelle Zatlyn [00:06:11] Hi, John. So great to be here. Thank you for having me.

John Stackhouse [00:06:14] I want to start with that number, 126 billion cyber threats every day. Give us a sense of where that’s coming from.

Michelle Zatlyn [00:06:22] It’s a big number. Sometimes it’s hard to process. I think maybe stepping back, the Internet is becoming more important to everyone’s life. And you just have to think about your own life to see how that is the case, where as individuals, we’re all spending way more time on our computers or in our mobile phones and then at work, we do so much more of our work in a digital environment. And so as all of us spend more time on the Internet, cybersecurity becomes so important because it’s all in this digital space. And what’s interesting is you see in this number 126 billion cyber attacks, that’s how many attacks we stopped on behalf of our customers yesterday. And so I think it’s a real testament to Internet traffic is up, which is great, and allows all of us to do a lot of different things and in a positive way. But at the same time, there’s a whole threat landscape that businesses and people have to think about as they spend more of their time online.

John Stackhouse [00:07:14] You may not have pictured that perfectly as the future when you and one of your Harvard Business classmates founded Cloudflare back in 2009. But today, I believe it’s somewhere in the range of 20% of global Web traffic runs through your servers. You have some pretty unique insights. Given this reach, can you share some of those in terms of what the biggest changes are that you’re seeing out there, both in security and resilience?

Michelle Zatlyn [00:07:40] For sure. For sure. Well, the first is that because Internet traffic is up, so are just general online risks. And so if you look over the last year, cyber attacks globally increased 40% year over year in 2022. One of the other interesting insights is 90% of those attacks start with a phishing attack, which basically means 90% start with a person, an individual. We’re seeing some of the biggest attacks we’ve seen. And then a bunch of these attacks start with the individual who often are employees at a company and saying, well, there what are the implications around that?

John Stackhouse [00:08:19] Where is the increase in attacks coming from?

Michelle Zatlyn [00:08:21] They’re really broken down into three main areas. The first is Adidas attack and Adidas attacks. It’s called a denial of service attack. Making it hard for a business was an online service. They kind of knock it offline. A good analogy is if you’re going to the bank to try and get money out of the ATM. And there were 100 people in front of you, but they’re actually not taking money out of the ATM. 100 people in front of you actually aren’t legitimate patrons and you’re stuck 101 in line, can’t get access to the ATM. So in the digital world, that’s called the dial service attack. And that is one source of these of these increased threats where we’re just seeing a lot more DDoS attacks against businesses. And the good news is if you have the right solution, it’s very easy to deal with it. But there’s just a bunch of businesses that haven’t gotten to putting in the right solutions yet. And so they’re very prone to it and so they’re very effective. The second rise comes back to people, and as we all work from everywhere and before, you know, a few years ago, you basically went into an office building and the office building was very secure. But now there’s a lot more of a hybrid work structure where we’re doing work from our homes, from our cars, from coffee shops, as well as an office buildings. And so some of the attackers are taking advantage of that. They’re seeing it as an opportunity where all of a sudden my hybrid work setup isn’t as good as where it was when I was going to this fortress office building every day. And so there’s a big increase in targeting individuals, and it’s been a pretty effective. The third one is around ransomware. And if you are a business who receives a ransomware note, I can promise you that is not a good day. It’s very violating. It’s very stressful for your team and often you have very little time to make a decision about what you’re going to do. And if you’re not well prepared, there could be a lot of consequences to those decisions that you make.

John Stackhouse [00:10:08] I would not want to wish this on anyone, but if it does happen to someone, what should people think about and do in those early moments?

Michelle Zatlyn [00:10:15] So step one is you something you write about in the news to ask yourself, How would we have fared? And you will learn a lot both. You either feel better being like we would have fared really well, or actually it exposed all these gaps. And now let’s go fix it. So get ahead of it If you don’t get ahead of it and these things happen, let me tell you, those ransomware attacks, those emergency situations, John, always happen on a Friday evening or a Saturday, always, because teams are less staffed up. You can’t get the right access to the right people internally. They’re not available. They’re out enjoying their Friday night or they’re sleeping or they. Went away for the weekend. But if you do find yourself in this unfortunate situation, don’t pay the ransom. It’s really hard. You kind of want to call some experts to get some help and do some smart things to get ahead of it. There’s lots of great vendors who are out there to help advise and say, here’s what you should do, and then share the information so it doesn’t happen to others. A lot of organizations don’t call anyone for help and they try and deal with it themselves cause they’re worried about the media headlines. And I think often they end up in a really tricky situation when they follow that playbook.

John Stackhouse [00:11:19] This really is war. And I got to hear your co-founder, Matthew Prince, talk a bit about this at Davos a few months ago. And he explains Cloudflare is role in the Ukraine conflict, which is a pretty incredible story, both in terms of what you’ve done to help Ukrainians up their cyber defenses, but also help Russians who want to get around Putin’s firewalls. What does Cloudflare learn from the conflict that may be relevant to cyber conflicts everywhere?

Michelle Zatlyn [00:11:49] You know, it’s interesting. It’s awful. At first when the conflict happened, there was a lot of speculation that there would be massive attacks against Western businesses. And I don’t think there have been massive attacks, mostly because everyone’s been really busy with the on the ground conflicts. But we do see an increase in probing. And what’s interesting when you look at the data, John, is you would say, okay, the attacks are coming from Russia towards these Western businesses or countries. It’s not like that. The source of the attack is from many Western countries around the world, and it’s not like Singapore is doing it, but they have some devices that have been compromised that are being controlled somewhere else. And so the source of the attack actually is coming from within Germany or within Singapore looking for these vulnerabilities, but being controlled elsewhere. And that’s why sometimes trying to understand who’s behind the attack is actually a very hard question, because often the resources being used to launch it are in a physical, different location, often a physically different country than where the person who is controlling it. That’s what we’re seeing, where they’re using compromised resources around the world to look for these vulnerabilities and probes. I guess what that means we can all do or a couple of things. If you run your software updates individually, super important, like run your updates, that’s a really good security practice. And if you’re a business, there’s some messaging around it shields up making sure that you’re learning from other companies and what’s happening and using this time to do your own review of saying, okay, if this happened, how well are we prepared, Where are we strong, where we weak? What are we doing to close the gap? You’ve got to be having those conversations internally, otherwise you will be compromised and it will be a Friday night and it will then be an emergency.

John Stackhouse [00:13:35] We’ve heard in a few conversations now this idea of cyber culture, and you get to see a lot of organizations. What do the ones who have a strong cyber culture do? Right?

Michelle Zatlyn [00:13:46] It’s really this idea of it’s everybody at the companies job, not just my team’s job. And so whether you’re in marketing or sales or even security team, of course, the security team keeps the company secure. But they talk about it internally. They do training internally. There’s a mechanism to say, hey, this looks strange, even if it ends up being not a real security vulnerability versus not. I think that internal training is really important. And then the second aspect is really cross team collaboration. It’s often security teams partnering with the IT organization, with the engineering organizations saying, Hey, I understand we have this vulnerability, okay, what are we going to do to close it? So this internal collaboration and then the third piece, John, is really learning from other people’s mistakes. Sometimes they’re very public and that can be hard to read about and say, okay, using that situation, say, would we have been better prepared? What are we going to do about it? And then in the in the security world, there’s a lot of private conversations that take place to and being part of those conversations, but really saying how do we rise all tides? This is an evolution. You’re never done. You’re never 100% secure. It’s a never ending conversation. But having a system saying, okay, how are we doing? How we tracking? And if you just have that iteration in evolution, all of a sudden you’re in the top quartile trending really, really well and defending not only your customers and your employees from attacks, but protecting the business. That’s a really good cyber culture.

John Stackhouse [00:15:09] Michelle, you shared some great insights as well as advice. I wonder if we can wrap up with some thoughts on where you see things going from here. Cloudflare has a great purview of the entire world. Where do you see things going, not only through the rest of 2023, but in the years ahead.

Michelle Zatlyn [00:15:28] So right now what I see is we are going to continue to hear about breaches and cyber attacks. They’re not going away anytime soon. And we as people and businesses have to take it seriously. Now, here’s the good news. I have two pieces of good news. The first is I do believe that the solutions today are much more effective and more. More economical than they were five years ago. There’s a lot of easy to use, very effective, well priced solutions that really make it easier for businesses and people to take these things more seriously. I am hopeful as more organizations and people, as all tides rise, we learn more. We realize this is something that we just as we spend more of our time digitally, this is just part of doing business digitally and that’s okay. And our norms get more baked in. And as more organizations have layered in the security that was to be completed at a later date, like they’ve put that into their into their organizations, that five, eight, ten years from now, the whole Internet has been fortified and we are in a much better place collectively. And then there’ll be some new trend to have to deal on. But that that is kind of my prediction for the future. But right now, you got to take it seriously. And if you’re not, it’s like your organization. If you’re on a team within an organization and then you individually, we all have a role to play.

John Stackhouse [00:16:44] Everyone be on high alert, but there is hope on the horizon. Michelle, thanks for being on disruptors.

Michelle Zatlyn [00:16:50] Thanks for having me.

John Stackhouse [00:16:52] That was Michelle Zatlyn, COO, co-founder and president of Cloudflare. Canada is home to some great companies fighting the good fight, including Fredericton, based booster on security. Joining me now is David Shipley, both Orion’s founder and CEO. David, welcome to Disruptors.

David Shipley [00:17:09] Thanks for having me.

John Stackhouse [00:17:11] David, let’s start with the name Beauceron. There’s got to be a story behind that.

David Shipley [00:17:14] There actually is a bowser on is a sheepdog from northern France, and we named our company after this great breed. In honor of something we called the Sheepdog Effect. How do we turn people from the passive victims of cybercrime into the active defenders, from the sheep to the sheep dogs? Now, we would have picked sheepdog security, but the name was already taken. So we were down to two dog breeds. And as the boss, Ron had the right breed characteristics and a little nod to new Brunswick’s bilingual nature. We thought a French sheepdog would be great. We never anticipated that it would be pronounced hilariously around the world, and nor do we anticipate that gentleman from the coast region of Quebec are also known as both sirens, which we are glad to to also acknowledge as well.

John Stackhouse [00:17:56] Well, you had me a sheep dog. That’s a great introduction to the company. And I wonder if you can tell us a bit about yourself because you’ve been referred to as the accidental cyber CEO. How did you get into the sector?

David Shipley [00:18:07] So I’ve been a Canadian Forces soldier. I was an armored driver and gunner. Then I became a newspaper reporter after I graduated from university covering business, crime and politics. I left that to become the Digital Marketer website lead for the University of New Brunswick. And on Mother’s Day 2012, we got hacked by a hacktivist group called Team Digital. And on that Sunday morning, I was out walking my Greyhound and I got the nasty note from the attacker saying, We’ve posted your stuff to pastebin your IT admin suck. So I called my friends in the IT department who I worked closely with and said How can I help? And I used the skills I had from the military and from communications to help do what we would now call incident response. And from that experience I learned that cyber is more about people, process and culture than it ever is about technology. And so that’s where we went down the journey of focusing on the human side of cyber.

John Stackhouse [00:18:55] As a great point. And I’m sure we’ll get more into this, that cyber is much more about people than technology. One might say the same of real military conflict which you’ve been exposed to. What are some of the similarities and differences, David, between classic military combat that you trained for and the cyber world that many of us did not prepare for?

David Shipley [00:19:16] Well, in a firefight, you see the bullets coming. You know where your enemy is In the heat of all that in cyber, you don’t see the shot coming until it’s too late. It’s a lot more subtle. And what we’ve learned from the conflict in Ukraine is that cyber conflict is best in the period between peace and war. That gray zone when hostilities are escalating. And you can see that in the in the experience of Ukraine from 2014 right up to the launch of the invasion in 2022, they used it for intimidation. They used it to cause economic harm. So cyber is highly useful as a political tool, as an espionage tool, as a public influence operational tool, but as a destructive tool. It has not fulfilled that, that clear, easy to use operational purpose.

John Stackhouse [00:20:04] Why is that?

David Shipley [00:20:05] Well, because if you’ve got a relatively good defense behind it, it can take a long time, months or years for a team to get lucky enough to break in. Because keep in mind, most times when you break into an organization, it’s through the use of social engineering. So phishing emails, text, phone calls, etc.. But 80% of the time you’re not finding some obscure bug in a firewall. You’re getting someone to click on something in an email. And depending on how good the organization is, you may get a one in five chance where someone falls victim and then you’ve got to get by all the security tools that might catch that on the way through. So it’s tough.

John Stackhouse [00:20:43] This has been an extraordinary year. Every year seems like that in cybersecurity. But this. Truly has been. What are you seeing or realizing today that you might not have appreciated a year or so ago?

David Shipley [00:20:56] I think, number one, the focus that Ukraine put on basic cyber hygiene, the core fundamentals of of patching systems, educating users and multi-factor authentication. I think the other thing is it really did crystallize how long it takes offensive cyber operations to actually succeed. They don’t work at the same pace or tempo as physical conflict. The other thing that I wonder about is how cyber will be used in different ways to help Russia’s economy during this period of prolonged sanctions. And for those who aren’t familiar. Russia has very interesting relationships with a number of the large ransomware gangs, and these gangs build the criminal infrastructure, the evil cloud, as it were, of tools that are then resold to people around the world to execute extortion crimes and more. And they’re being used more and more to bring in desperately needed cash to the country. North Korea is also doing the same play. Iran is starting to in the same work where they’re not hacking to necessarily kick off a fight with the Western world, but they are hacking to get the money they need to continue their other conflicts.

John Stackhouse [00:22:04] All of this can and should be seen as extremely threatening to individuals or organizations. And we all probably need to be doing a lot more to protect ourselves and those we work with. There’s also a lot of organizations out there that see this as an opportunity as well. The cybersecurity can be an asset. That’s something to invest in for growth, not just for defense. When you work with organizations in a range of sectors, what kind of growth mindset are you seeing on the cyber front?

David Shipley [00:22:35] So I have the privileged position of being the co-chair for the Kenyan Chamber of Commerce Cyber right now council. And this is a group made up of all kinds of cyber businesses of different sizes, everything from giants like Microsoft and Amazon to companies like Beauceron to Phenomenal Made in Canada Cybersecurity stories like BlackBerry, which a lot of people don’t realize is a huge player now in cybersecurity. And we look at this as a massive economic opportunity. Canada has a phenomenal, trusted brand in the world, and we build amazing products. You’ve got great companies like one password, which is, you know, what we would call a unicorn. You’ve got East and Tiger out of Waterloo, Field Effect out of Ottawa, you’ve got VeriFone, which came out of Atlantic Canada, which had a massive sale to Nasdaq, which helps with online fraud and other other types of crime. So we we punch way above our weight. We’re in the top five in the world when it comes to companies making cybersecurity solutions. What’s really interesting is in it world, Canada just did a good job highlighting this is we’re abysmal at buying our own stuff. Well, the world is actually doing a lot of buying Canadian, but back here at home, particularly the federal government, it’s it’s not even remotely a priority, which is just kind of interesting and and it kind of fits a narrative. We we very rarely see how clever we are as Canadians. We often look across the border, what are they doing in Silicon Valley, etc.. But the reality is we’ve got amazing talent here.

John Stackhouse [00:24:02] Give us a better sense of why Canada has that capability. How did we get into the top five?

David Shipley [00:24:07] Well, interesting that there’s a there’s a bit of a tie here back to New Brunswick. So one of the first major cybersecurity exits in Canadian history was to radar, where Q One Labs, which is bought for IBM for more than $600 million and was part of a pair of exits featuring multiple founders that amounted to almost $1,000,000,000 in exits from tiny New Brunswick. And that started back where I started at the University of New Brunswick, where they were trying to keep their network running because residents kids kept crashing it and they had to figure out what was going on. And we’ve done a really good job of being on the bleeding edge of using the Internet. And and I would say we, particularly in New Brunswick, we embraced the Internet like no one else. We had the first broadband to the home in this country in the nineties. We had fiber going here and that meant we were also on the leading edge of seeing all the bad things that come with the Internet. And I think Canada’s climate plays a role. We’re online quite a bit. Why? Because the weather’s terrible a large part of the year. So, you know, we’re digital citizens and I think we’ve learned a lot of lessons from that.

John Stackhouse [00:25:10] Yeah, I would talk a couple of points up to immigration as well. And there are New Brunswick has been a leader, ironically, with a lot of Ukrainians coming to New Brunswick and the UNB in particular, that the cyber cluster around UNB that helped to accelerate some of that growth well before the war. And I imagine that will continue. So being a talent magnet is critical. What more do we need to do? You mentioned government procurement as a clear step. What else can Canada do to stay in the top five or even become a more dominant player in that in that elite?

David Shipley [00:25:43] Well, I think I think for me, the most important thing that Canada needs to do is put. In place. The the regulatory guardrails are going to help us be successful economically, not just in cyber, but in every other sector. Right now, Canada is lagging behind the world, and whether it’s in online privacy protection, when you look at Europe and GDPR, which hilariously is based on a principle called Privacy by Design, which was Dr. Anne CAVOUKIAN in Ontario, the former private information commissioner. So we we invented the gold standard of privacy, and we still have not implemented it here in Canada. And we’re years away from doing that. And the problem with that is if companies aren’t sent the right signal about protecting data, then all the other pressures that a business will face will override that. Now, the other part is, is unleashing more cyber talent. There’s a three and a half to 4 million worker shortage in cyber, and we have amazing programs in Canada. The leader in this is Toronto Metropolitan University’s Rogers Cybersecurity Catalyst, and it has created the gold standard. I had the privilege of being in a meeting with some of those folks and some of the folks from the White House Office of the National Cyber Director, and they were learning from some of the great things that we are doing in Toronto.

John Stackhouse [00:27:00] It’s interesting, David, how you frame the opportunity as well as the challenge around privacy. I’m intrigued when organizations and I think it’s pretty much all organizations now project themselves or present themselves as being a data organization or a data company. And with that comes the imperative, but also the opportunity to see privacy and cybersecurity more broadly as an asset, as a corporate strength. It’s not a cost of doing business, of course it is. But the more you invest, the greater that asset grows. As you work with companies in all sorts of sectors. What do you find most compelling to the operators in terms of re-imagining themselves as not only a data company but a cybersecurity, large privacy minded company?

David Shipley [00:27:47] I think what gives me hope and inspiration for companies is that they’re realizing that being secure can be a competitive advantage and respecting people’s privacy can help build better relationships and longer term brand loyalty, which is awesome. But there is a bit of an interesting cognitive dissonance between that thinking and the siren song of Big Data. So what we’ve heard for a decade, you know, if you if you keep it, if you hoard it, if you’ve got it, sooner or later, some magical I might unlock some hidden insights into that data. Except that ignores that there’s a portion of data that has a declining value or it actually becomes a liability and not an asset. And we we jokingly call it zombie data because it writhes in the grave in a data breach and it bites you in the backside. It’s the data that actually did not have the value that you thought it had, that if you had tighter retention policies, if you really went to minimum viable data, that in the event of a breach because you didn’t retain it anymore, you couldn’t lose it. And so there’s going to be an interesting tension between the drive to find greater businesses, efficiencies, insights and whatnot with the reality of dealing with these kinds of issues.

John Stackhouse [00:29:01] We started the conversation talking about both runs origins. Tell us as we wrap up about where you see the company going in the years ahead, where do you see the greatest opportunities?

David Shipley [00:29:10] It’s interesting that the human side of cyber is responsible for over 80% of all security incidents, and yet less than 1% of cybersecurity spending are the 175 to $200 billion on cyber is spent on people. And what we’ve discovered within organizations is that when you help them know more and care more about security, not just take mandatory annual compliance training or do phishing exercises, when you go further and say this is how you be successful at your job here and teach people how to use these tools, and this is why security matters to our executives, you end up with a stronger business, and that’s the mission that we’re on. When we talk about the sheepdog effect, it’s not just about reacting to in bad Guys Attack. We’ve built resilient, great businesses that people can rely on.

John Stackhouse [00:29:55] What a great message to wrap up with. David, thank you for being on Disruptors.

David Shipley [00:29:59] Thank you so much for the opportunity.

John Stackhouse [00:30:01] That was David Shipley, founder and CEO of Beauceron Security. I’d also like to thank Adam Evans and Michelle Zatlyn, who joined us earlier in the podcast. Cyber threats have been around for as long as the Internet, but things have really changed in the last few years, both with the pandemic and the conflict in Ukraine. The rush to work from anywhere, shop from anywhere, entertained from anywhere, created all sorts of opportunities, but also put organizations and all of our data at a new threat level that we’re just coming to grips with. The economic consequences have also grown as criminal gangs and even nation states have seen all sorts of new opportunities through ransomware and other cyber threats all the while. As we heard on this episode, dark forces in the world have gotten better and better, but so too have the capabilities of all sorts of organizations that are on the front lines protecting our data, protecting our devices pretty much all day, every day to battle that, as our guest said, may never end. But it’s also a battle that Canada can play a special role in. If we leverage our talent, our tech capabilities and knowledge to turn cybersecurity challenges into opportunities that will make the Internet safer for everyone. I’m John Stackhouse and this is Disruptors, an RBC podcast. Talk to you soon.

Announcer [00:31:30] Disruptors, an RBC podcast is created by the RBC Thought Leadership Group and does not constitute a recommendation for any organization, product or service. It’s produced and recorded by Jar Audio. For more disruptors, content like or subscribe wherever you get your podcasts and visit rbc dot com slash disruptors.

Jennifer Marron produces "Disruptors, an RBC podcast". Prior to joining RBC, Jennifer spent five years as Community Manager at MaRS Discovery District and cultivated a large network of industry leaders, entrepreneurs and partners to support the Canadian startup ecosystem. Her writing has appeared in The National Post, Financial Post, Techvibes, IT Business, CWTA Magazine and Procter & Gamble’s magazine, Rouge. Follow her on Twitter @J_Marron.

This article is intended as general information only and is not to be relied upon as constituting legal, financial or other professional advice. A professional advisor should be consulted regarding your specific situation. Information presented is believed to be factual and up-to-date but we do not guarantee its accuracy and it should not be regarded as a complete analysis of the subjects discussed. All expressions of opinion reflect the judgment of the authors as of the date of publication and are subject to change. No endorsement of any third parties or their advice, opinions, information, products or services is expressly given or implied by Royal Bank of Canada or any of its affiliates.