Category Archives: Blog

MNP named to CRN MSP 500 list in Managed Security 100 Category

MNP Recognized for Excellence in Managed IT Services

Mississauga, ON February 14, 2017 – MNP announced today that CRN®, a brand of The Channel Company, has named MNP to its 2017 Managed Service Provider (MSP) 500 list in the Managed Security 100 category. This annual list recognizes North American solution providers with cutting-edge approaches to delivering managed services. Their offerings help companies navigate the complex and ever-changing landscape of IT, improve operational efficiencies, and maximize their return on IT investments.

In today’s fast-paced business environments, MSPs play an important role in helping companies leverage new technologies without straining their budgets or losing focus on their core business. CRN’s MSP 500 list shines a light on the most forward-thinking and innovative of these key organizations.

The list is divided into three categories: the MSP Pioneer 250, recognizing companies with business models weighted toward managed services and largely focused on the SMB market; the MSP Elite 150, recognizing large, data center-focused MSPs with a strong mix of on-premise and off-premise services; and the Managed Security 100, recognizing MSPs focused primarily on off-premise, cloud-based security services.

“Managed service providers play an increasingly important role in the day-to-day operations of businesses across North America,” said Robert Faletra, CEO of The Channel Company. “MSPs help organizations streamline their spending, effectively allocate limited resources, and benefit from advanced expertise in the latest technologies. We congratulate the service providers on CRN’s 2017 MSP500 list, who have continually succeeded in meeting their customers’ changing needs and help them get the most out of their IT investments.”

“Over a year ago, we successfully updated our Cyber Security Managed Services offerings by expanding our unique services and leading this market with an innovative business solution. Our managed services provides our clients with a team of qualified Cyber Security experts including a virtual chief information officer (VCISO) who will guide your business to increase its cyber security maturity through our monthly reviews. Unlike most of our competition who provide monitoring, we believe in being proactive for our clients cyber security.” Danny Timmins National Cyber Security Leader

The MSP500 list will be featured in the February 2017 issue of CRN and online at www.CRN.com/msp500.

Follow The Channel Company: Twitter, LinkedIn and Facebook

Tweet This:
@TheChannelCo names @ to @CRN 2017 MSP 500 list #CRNMSP500 www.crn.com/msp500

About MNP

MNP is a leading national accounting, tax and business consulting firm in Canada. We proudly serve and respond to the needs of our clients in the public, private and not-for-profit sectors. Through partner-led engagements, we provide a collaborative, cost-effective approach to doing business and personalized strategies to help organizations succeed across the country and around the world.

As a premier full service provider of cyber security solutions, MNP is dedicated to securing the confidentiality, integrity and availability of networks. Our client-focused delivery and extensive experience in network assessment, design, engineering, project management, installation, implementation, support and maintenance has resulted in a 98% client retention rate.

For more information please contact Danny Timmins, National Cyber Security Leader, danny.timmins@mnp.ca

Copyright ©2017. The Channel Company, LLC. CRN is a registered trademark of The Channel Company, LLC. All rights reserved.

NCI Merges with MNP LLP

 

MNP_logoLLP343C

NCI is pleased to announce we have merged with MNP, one of the largest National accounting and business consulting firms in Canada, effective April 1, 2016

Cybersecurity is more than a technology issue, it’s a critical business risk and one of the leading and growing business threats in the world. While MNP wanted to enhance their services in cybersecurity for their clients, NCI was looking to expand our service capability across the country, while offering other specialty consulting and risk services to our valued clients.  It’s truly a win-win situation for both our firms and the clients we serve.

Our clients can be assured they will receive the same level of commitment and will benefit from the additional knowledge, resources and experience in numerous industry and specialty areas — across more than 80 locations from Victoria to Montreal. As part of MNP, we will continue to deliver value-added services to our clients by drawing on MNP’s expertise in many disciplines.

We look forward to continuing to meet your needs through MNP.

For more information, visit www.mnp.ca or contact        Danny Timmins at 905.607.9777 ext. 230

MNP Expands Cybersecurity Services by Merging in NCI, a Leading Cybersecurity Firm

(article en français à suivre)

Enhanced Cybersecurity Solutions to Benefit Marketplace

TUESDAY, MARCH 8, 2016, CALGARY, AB – MNP LLP, one of Canada’s largest national accounting and business consulting firms, announced today that NCI, a cybersecurity services and solutions firm, will join MNP effective April 1, 2016.

“Cybersecurity is more than a technology issue, it’s a critical business risk and one of the leading and growing business threats in the world,” said Jason Tuffs, CEO, MNP. “As a firm, we wanted to enhance our services in cybersecurity for our clients and merging in a full-service cybersecurity firm of leading experts made the most sense. It’s truly a win-win situation for both our firms and the clients we serve.”

NCI was founded in 2000 by IT professionals Danny Timmins (CEO & President) and Eugene Ng (CIO). Their goal was to create a company that offered a full range of services and solutions related to cybersecurity. NCI has grown to include offices in Mississauga, ON and Montreal, QC, as well as satellite offices in Sydney, NS and St. John, NB.

As leaders in the cybersecurity industry, the firm has been recognized year-after-year with numerous awards, including: CRN Magazine’s Top 25 North America ‘Need to Know Security VAR’ List, CRN Next – Gen 250 List, Branham 300 Top 10 Canadian ICT Security Companies, Branham 300 Top 20 Movers & Shakers, CDN Top 100 Solutions Providers, Profit 500 Canada’s Fastest Growing Companies and Branham 300 Top 250 Canadian ICT Companies.

“MNP already had a growing technology consulting and cybersecurity practice, but was looking for a like-minded firm to build on their strategic plans for growth in offering cybersecurity services and solutions. At the same time, we were looking to expand our service capability across the country, while offering other specialty consulting and risk services to our valued clients,” added Danny Timmins, CEO & President, NCI.

“MNP and NCI had discussed opportunities to work together over the last few years. As we got to know each other better, both firms grew quite impressed with each other’s people, experience and expertise. This is a truly a mutually-beneficial union and we are very excited to have found the perfect firm, one that puts clients first, that will allow us to offer clients a greater breadth of services to address their growing business needs.

As a national accounting and business consulting firm operating for more than 55 years, MNP has grown to more than 80 locations with over 3,500 team members from Victoria to Montreal. In addition to tax and accounting expertise, MNP delivers a diverse range of advisory services, including corporate finance, valuation and litigation support, succession planning, investigative and forensic accounting, cross-border taxation, as well a full breadth of services in enterprise risk services, including governance, risk management, internal audit, regulatory compliance, business resilience and operational effectiveness.

Tuffs added that this merger will take MNP’s Technology Solutions practice to a new level across the firm. “MNP focuses on strategic mergers for the benefit of our clients. This merger will allow us to build on our existing strengths and ensure we continue our client-focused approach to doing business while ensuring our clients are protected against growing cyber threats.”

Timmins will become MNP’s National Cybersecurity Leader and Ng will join as the firm’s Cybersecurity Leader for Eastern Canada. Timmins expects the transition to be seamless for their team and clients. While the Montreal NCI staff will move into MNP’s Montreal office, the remaining NCI locations, including their main office in Mississauga, will remain in their current locations.

About MNP LLP
MNP is one of the largest national accounting and consulting firms in Canada, providing client-focused accounting, taxation and consulting advice. National in scope and local in focus, MNP has proudly served individuals and public and private companies for more than 55 years. Through the development of strong relationships, MNP provides personalized strategies and a local perspective to help them succeed. For more information, visit www.mnp.ca.

For more information, please contact:
Jason Tuffs, CPA, CA                                                                      Danny Timmins

CEO                                                                                                        CEO & President
MNP LLP                                                                                              NCI

403.444.0150                                                                                      905.607.9777 ext. 230

jason.tuffs@mnp.ca                                                                       dtimmins@nci.ca

 

 

MNP élargit ses services de cybersécurité en faisant l’intégration de NCI,
un cabinet de cybersécurité de premier plan

La bonification des solutions de cybersécurité profitera au marché

LE MARDI 8 MARS 2016, CALGARY (AB) – MNP sencrl, srl, l’un des plus importants cabinets de comptabilité et de services-conseils au Canada, a annoncé aujourd’hui que NCI, un cabinet de services et de solutions de cybersécurité, viendra grossir ses rangs à compter du 1er avril 2016.

« La cybersécurité n’est pas qu’une simple affaire de technologie; les cybermenaces posent un risque d’entreprise bien réel et constituent l’une des principales menaces grandissantes pour les entreprises dans le monde », a indiqué Jason Tuffs, chef de la direction de MNP. « En tant que cabinet, nous souhaitions améliorer nos services de cybersécurité, et l’intégration d’un cabinet de cybersécurité à service complet regroupant des experts de premier plan était la solution tout indiquée. Tout le monde y gagne, tant nos cabinets respectifs que les clients que nous servons.

NCI a été fondé en 2000 par Danny Timmins (chef de la direction et président) et Eugene Ng (directeur de l’informatique), tous deux professionnels des TI. Ils avaient pour objectif de créer une société offrant une gamme complète de services et de solutions de cybersécurité. Depuis, NCI n’a cessé de croître et compte maintenant des bureaux à Mississauga (ON), à Montréal (QC), ainsi que des bureaux satellites à Sydney (N.-É.) et à St. John (N.-B.).

Chef de file du secteur de la cybersécurité, NCI a reçu année après année de nombreuses distinctions, figurant notamment au classement des 25 principaux distributeurs nord-américains de produits modifiés à connaître de CRN Magazine, au palmarès des 250 entreprises de prochaine génération de CRN, à la liste des 10 principales sociétés canadiennes de TIC de sécurité, à celle des 20 sociétés les plus dynamiques (Top 20 Movers & Shakers) de Branham 300, au classement des 100 principaux fournisseurs de solutions canadiens, à celui des entreprises canadiennes connaissant la plus forte croissance de Profit 500 et au classement des 250 principales sociétés de TIC canadiennes de Branham 300.

« MNP comptait déjà sur des services-conseils technologiques et des services de cybersécurité en pleine croissance, mais il souhaitait s’allier à un cabinet qui partageait sa vision afin de prendre appui sur leurs plans stratégiques respectifs pour accroître leurs services et leurs solutions de cybersécurité. Nous voulions également étendre la portée de nos services partout au pays, tout en offrant d’autres services spécialisés de consultation et de gestion du risque à nos précieux clients », a ajouté Danny Timmins, chef de la direction et président de NCI.

« Au cours des dernières années, MNP et NCI avaient discuté des possibilités d’unir leurs forces. En apprenant à mieux se connaître, les deux cabinets ont fait bonne impression l’un sur l’autre et ont vite reconnu la qualité des effectifs, de l’expérience et de l’expertise de l’autre partie. Il s’agit véritablement d’une union mutuellement profitable, et nous sommes très heureux d’avoir trouvé la perle rare, c’est-à-dire un cabinet qui se préoccupe d’abord et avant tout de ses clients, de façon à pouvoir offrir une gamme élargie de services à notre clientèle afin de répondre à ses besoins d’affaires grandissants.

À titre de cabinet comptable et de services-conseils national actif depuis plus de 55 ans, MNP compte plus de 80 bureaux et au-delà de 3 500 personnes au sein de son effectif, de Victoria à Montréal. En plus de son expertise en fiscalité et en comptabilité, MNP offre une gamme variée de services‑conseils, notamment des services de financement d’entreprises, d’évaluation et de soutien en cas de litige, de planification de la relève, d’enquêtes et de juricomptabilité, de fiscalité transfrontalière, de même qu’une gamme complète de services en gestion du risque d’entreprise, y compris en matière de gouvernance, de gestion du risque, d’audit interne, de conformité aux exigences règlementaires, de résilience commerciale et d’efficacité opérationnelle.

M. Tuffs a ajouté que la fusion allait permettre aux services des solutions technologiques de MNP de prendre une toute nouvelle dimension à l’échelle du cabinet. « MNP privilégie les fusions stratégiques qui sont avantageuses pour ses clients. Celle que nous venons de réaliser nous permettra de consolider nos forces existantes et de continuer à exercer nos activités au moyen d’une approche axée sur le client, tout en offrant une protection contre les cybermenaces grandissantes. »

Danny Timmins deviendra le leader national des services de cybersécurité, et Eugene Ng se joindra au cabinet à titre de leader des services de cybersécurité pour l’Est du Canada. M. Timmins prévoit une transition sans heurt pour son équipe et ses clients. L’effectif de NCI à Montréal emménagera dans le bureau de MNP établi dans cette même ville, tandis que les autres bureaux de NCI, y compris le bureau principal situé à Mississauga, demeureront à leur emplacement actuel.

À propos de MNP SENCRL, srl

MNP est l’un des plus importants cabinets comptables et de services-conseils au Canada, offrant des services en matière de comptabilité et de fiscalité et des services-conseils axés sur le client. Avec une portée nationale et une vision régionale, MNP répond avec fierté aux besoins des particuliers et des sociétés ouvertes et à capital fermé depuis plus de 55 ans. Misant sur l’établissement de relations solides, MNP contribue à la réussite des entreprises en leur proposant des stratégies personnalisées et un point de vue local. Pour obtenir de plus amples renseignements, visitez le www.mnp.ca.

Pour obtenir de plus amples renseignements, veuillez communiquer avec :

Jason Tuffs, CPA, CA                                                                      Danny Timmins

Chef de la direction                                                       Chef de la direction et président

MNP sencrl, srl                                                        NCI

403.444.0150                                                                 905.607.9777 poste 230

jason.tuffs@mnp.ca                                                     dtimmins@nci.ca

 

 

Exciting News!! NCI is Merging with MNP

 

We are very excited to share the news that we will merge with MNP LLP, one of the largest national accounting and business consulting firms across Canada, April 1, 2016. MNP has over 80 offices across the country, with several in Ontario, including Mississauga, Ottawa, Thunder Bay, Toronto, as well as in Montreal. MNP has a growing Technology Risk Services practice and was looking for a like-minded firm to build on their strategic plans for growth in offering Cybersecurity Services and solutions.

At the same time, we were looking to expand our service capability across the country, while offering other specialty consulting and risk services to our valued clients. Over the last few years, both our firms have talked about opportunities to work together. As we got to know each other better, both firms grew quite impressed with each other’s people, experience and expertise. We believe coming together is a win/win situation for our two firms and our clients. We are very excited to have found the perfect firm, one that puts clients first, to join forces with and offer a greater breadth of Enterprise Risk Services to address your growing needs.

As the fifth largest national accounting and business consulting firm, operating for 57 years, MNP has grown their team to more than 3,500 members from Victoria to Montreal, who focus on what matters most—helping individuals and businesses achieve their goals. In addition to tax and accounting expertise, MNP delivers a diverse range of advisory services, including enterprise risk, corporate finance, valuation and litigation support, succession planning, investigative and forensic accounting, cross-border taxation, as well a full-breadth of services in enterprise risk services, including governance, risk management, internal audit, regulatory compliance, business resilience and operational effectiveness.

MNP also serves numerous client groups in the private and public sectors and understands the specialized markets in which our clients operate. MNP has a large national presence and access to hundreds of experts and specialists, as well as access to a global network of accounting firms through Praxity—an international alliance of independent accounting firms. By joining MNP, we are adding more resources, more services and experience to better serve the needs of our clients with all their business needs.

As the marketplace evolves and our client needs become more complex, we are embarking on a new chapter of our story. We believe becoming part of a national firm with a local client service philosophy and greater breadth and depth of resources will serve our clients well and position us for continued success and growth. Coming together will strengthen and deepen our existing leadership and offer our clients business advice specifically tailored to their businesses and industries.

We understand you may have questions about the merger’s effect on the continuity of your relationships with the professionals you have come to know and trust. You can be assured the team of talented professionals currently working with you will remain in place and that this merger will be very seamless. With the added talent and industry expertise MNP brings, any new professionals working with you will be an enhancement of the client service we deliver now. While our name will change eventually, our level of service and responsiveness to our client needs will always remain the same.

Eugene, the Team and I will remain the same. Eugene will join as the firm’s Cyber Security Leader for Eastern Canada and I will become MNP’s National Cybersecurity Leader. We expect the transition to be seamless for our team and you the clients.

 
We will remain in our present locations and look forward to serving you as part of the MNP team. If you have any questions about this transition, please don’t hesitate to contact us:

Danny Timmins,

President/CEO, NCI
905.607.9777 x 230
dtimmins@nci.ca

For more information about MNP, visit their website at www.mnp.ca

What DO executives care about in cybersecurity?

 

Sometimes I spend time on the Twitterverse watching what is bouncing around in the echo chamber. Occasionally something builds up some feedback and catches my ear. Recently I saw some posts from a particular tweep (who shall remain nameless) and he was on about “when was the last time you spoke to your executives about security?” and “do your executives understand the business aspects of security?” He was posing questions but were light on answers, I suppose because he wanted you to contact his company and get some of those answers. That’s his prerogative, but myself, I prefer to treat twitter like a giant open conversation not a marketing channel.

Nevertheless it got me to thinking. Do executives understand the business aspects of security? I think that is the wrong question and has things the wrong way around. Rather the question is “do you know the business aspects of your security decisions?” Can you communicate them to people up the chain of responsibility? Can you connect the dots from what you are trying to do, to what business leaders are concerned with?

Hold up there, what exactly are executives concerned about? In my opinion we tend to get tied up in knots about this. I don’t think it’s all that mysterious. We could just ask them, in fact that’s what Chris Wysopal did. He shared his findings at Sector 2015 in the CISO Survival Guide presentation. Here is what he found execs are concerned with:

  • Brand damage
  • Breach costs, readiness, response
  • Corporate espionage
  • Risk posture and exposure

This immediately raises another set of questions to me: how do you communicate such things? What are the metrics that would be interesting and helpful?

At the highest levels there is cause for hope. The OpenFAIR framework gives us a way to conceptualize all of the above 4 things in a coherent fashion. It also allows us to communicate it in terms of likelihood and dollars. Metrics don’t get much clearer than that.

Let me connect the dots for you. You have a hunch that a SIEM would help (the actual control isn’t important for our discussion). It’s an expensive bit of kit, to say nothing of the care and feeding, and staff training. How can you justify that it’s worth it? Taking a control first approach, while our typical approach, is kind of backward. Instead we are going to run two risk analyses i) as a baseline without the SIEM, ii) as a comparison with the SIEM and how this additional control and all that it does can reduce the risk. This ultimately should translate into a reduction in the probability of a breach and/or a reduction in the costs of a breach. Is the reduction enough considering the cost of the SIEM? That’s a business decision and one that “the business” can now make since you’ve boiled things down into a language that they understand: probabilities and dollars.

Written by: Jason Murray, Manager of Professional Services, NCI

Follow Jason on twitter @andrecrabtree

Do Consumers Really Bail On Breached Merchants

 

There was a recent blog post on the PCI Guru blog, but it was a bit off the beaten path since it had seemingly nothing to do with PCI compliance; at least not directly. Dr. Brandon Williams decided to investigate if customers leave after a retailer suffers a breach. Did you stop shopping at Winners after their breach? For how long?

There are a number of interesting tidbits in the final report. But in general most customers come back after about six months. Breaches do not seem to create an incentive to leave a retailer permanently. This research may give some merchants the idea that breaches don’t matter as much as they think. And I agree with them, but only in this one aspect of their risk profile. There are other aspects to consider.

Our favoured risk analysis approach here at NCI is the OpenFAIR method. It categorizes losses into primary and secondary. Primary losses are the costs the company bears directly: i) response, ii) productivity, and iii) replacement. This is not what we are talking about when we consider loss of customers.

To have that discussion we need to talk about secondary losses. Secondary losses are due to a 2nd party acting based on the outcome of a breach. These three types of loss are:

  • Fines & Judgements – e.g. fines from banks for violating your PCI agreement
  • Competitive Advantage – e.g. a competitor stole your product designs and gets to market before you
  • Reputation – e.g. a breach leading to customers leaving

What this paper talks about is the impact on reputation. Based on this research it would appear that the cost of reputational damage is not as great as many of the executive suite would fear. (Incidentally I have seen research that indicates that reputational damage is one of the top 3 things executives fear). You’ll take a hit, but as long as you can weather the storm of a couple of bad quarters you’ll be OK in the medium term.

It would appear, at first glance, that we can’t rely on reputation damage to move the needle on improving cyber security. At least if you view cyber security as a cost centre that has no possibility to generate competitive advantage on its own (but that’s another blog post). So if we do want to move the needle how to go about that? Market forces alone aren’t sufficient, perhaps regulation and compliance are going to be needed after all.

But what should your response be? Should you implement the risk mitigation that your security team is saying you should? As with everything in business it depends.

  • If you are can weather the storm and absorb the hit to your bottom line then you may choose to do nothing.
  • But you really should investigate just what the possible impacts of that 6 month decline would be (part of a quantitative risk analysis). Then weigh that against the cost of implementing the tools to reduce the chance of the breach in the first place. A $10k investment might reduce the chance of a $100k loss of revenue. 10% return is a pretty good deal.
  • If you’re a small firm, the loss of that much revenue might mean you are out of business, or have to go to the bank for a short term loan. In that case you should seriously consider implementing some kind of security control(s) to reduce the impacts of a breach.

Notice the common theme here? You’d be forgiven for missing it, I deliberately didn’t hit you over the head with it. You should do a quantitative risk assessment in order to make an informed decision. If you aren’t you’re doing your business a disservice.

Written By: Jason Murray, Manager of Professional Services, NCI

Follow Jason on twitter @andrecrabtree

CATA Cyber Security Benchmark Survey

 

CATA Alliance has released a Cyber Security Benchmark Survey. CATA is a strong supporter of improving Cyber Security across Canada, and with the results  from this survey will work towards helping organizations achieve a better grasp on Cyber Security

The Canadian Advanced Technology Alliance (CATAAlliance) is Canada’s One Voice for Innovation Lobby Group, crowd sourcing ideas and guidance from thousands of opt in members in moderated social networks in Canada and key global markets. CATA is the foundation for commercialization, market research, networking, events, access to other associations, and professional development, across the nation. Learn more about CATA

Please take a moment to fill out survey.

If you have trouble viewing or submitting this form, you can fill it out in Google Forms.

Never submit passwords through Google Forms.

* Required

  1. How concerned is your organization regarding cyber threats and data breaches? *
1 2 3 4 5
No concerns ( ) ( ) ( ) ( ) ( ) Extremely concerned
  1. What are the most significant cyber threats your organization faces today *
  2. What are the biggest obstacles to your organization becoming more cyber secure? *
  3. How significant would impacts from a cyber-incident be on your organization? *
1 2 3 4 5
No impact ( ) ( ) ( ) ( ) ( ) Catastrophic impact
  1. Is your organization confident that it has the appropriate level of technology, people and processes to provide the required level of security for its operations and the data it holds? *
1 2 3 4 5
insufficient ( ) ( ) ( ) ( ) ( ) sufficient
  1. In the event of a cyber-incident, is your organization sufficiently prepared to respond with the necessary people, process, and tools? *
1 2 3 4 5
not prepared at all ( ) ( ) ( ) ( ) ( ) fully prepared
  1. Has your organization taken into account its potential legal exposure in the case of litigation resulting from a cyber-incident? *
1 2 3 4 5
no consideration given to legal risks ( ) ( ) ( ) ( ) ( ) identified and addressed
  1. Has your organization retained external legal counsel to assist with designing and implementing a cyber-incident response plan? *
  2. To what extent is security embedded into your corporate culture? *
1 2 3 4 5
no security culture at present ( ) ( ) ( ) ( ) ( ) strong security culture at all levels
  1. How would you rate Canada and government leaders’ level of commitment and leadership as it relates to the growing threat of cyber attacks? *
1 2 3 4 5
no leadership or commitment demonstrated ( ) ( ) ( ) ( ) ( ) strong leadership on all cyber security issues
  1. Do you feel that there are sufficient Canadian government resources for organizations wanting to prepare/counter cyber threats? *
1 2 3 4 5
insufficient resources to manage cyber threats ( ) ( ) ( ) ( ) ( ) superior resounces available within Canada to help organizations prepare and defend against cyber attacks
  1. Have security threats affecting your industry decreased, stayed the same, or increased from last year? *
1 2 3
decreased ( ) ( ) ( ) increased
  1. Has your cyber risk profile worsened, stayed the same, or improved from last year? *
1 2 3
worsened ( ) ( ) ( ) improved
  1. Is this year’s cybersecurity budget lower, the same, or higher than last year? *
1 2 3
lower ( ) ( ) ( ) higher
  1. Do you expect next year’s cybersecurity budget to be lower, the same, or higher than this year? *
1 2 3
lower ( ) ( ) ( ) higher
  1. Are the number of full time equivalent (FTE) staff focused on cybersecurity lower, the same, or higher than last year? *
1 2 3
lower ( ) ( ) ( ) higher
  1. Do you expect the number of FTE focused on cybersecurity next year to be lower, the same, or higher than this year? *
1 2 3
lower ( ) ( ) ( ) higher
  1. How would you rate the current labour market for trained cybersecurity professionals? *
    • ( ) Growing lack of skilled labour and a challenge for our organization
    • ( ) Adequate access to skilled professionals
    • ( ) No problem recruiting and retaining trained professionals
  1. Has your organization established a team which can implement a response plan in the case of a cyber-incident? *
  • ( ) Yes
  • ( ) No
  • ( ) Other:
  1. What position at your organization is the primary point of contact for cyber incidents? *
  2. What is your cybersecurity spend as a percentage of total IT spend? *
  3. Does your organization vet and/or audit your vendors to ensure they are cyber safe and not putting your organization at risk? If yes, please explain (e.g., frequency, use of third party auditors, etc.) *
  4. Does your organization have cyber liability insurance in place? *
  • ( ) Yes
  • ( ) No
  1. Do your cybersecurity processes include the training of your staff? If yes, briefly describe the process, frequency and any monitoring of compliance and whether the training is mandatory. *
  2. Should the private sector play a more active role in helping companies share cyber threat information? Please explain *
  3. Do you feel that Canada’s current laws and regulations restrict the sharing of cyber threat information? *
  • ( ) Yes
  • ( ) No
  1. Do you support public-private sector collobaration around cybersecurity (ie. information sharing, research, etc.? *
  • ( ) Yes
  • ( ) No
  1. Do you purchase Cyber threat information or Cyber Threat Data Feeds? (e.g. X-Force, REPSM, Fire-Eye) *
  • ( ) Yes
  • ( ) No
  1. Do you leverage opensource cyber threat data feeds? (e.g. Shadow server, CCIRC) *
  • ( ) Yes
  • ( ) No
  1. What barriers do you believe prevent the timely and efficient sharing of cyber threat information in Canada? *

Check all that apply

  • ( ) Legislation
  • ( ) Trust
  • ( ) Intermediary
  • ( ) Data format standards
  • ( ) Other:

Please provide your industry and job classification (ie. CISO, CEO, Director IT, etc.)

 

November Update

 

November was a busy month here at NCI. Along with daily business, we also had a few initiatives we were supporting. Here’s a quick update:

On November 19th our CEO Danny Timmins spent a cold and damp night sleeping on the streets of Toronto in support of the Covenant House. Every year Covenant House hosts a Sleep Out for Executives in Support of the Homeless Youth in Toronto. This year they raised over $1 million.

To learn more about the Sleep Out or Covenant House please visit

http://www.covenanthousetoronto.ca/homeless-youth/Sleep-Out-Executive-Edition

Throughout the entire month of November, NCI hosted a Holiday Wishes Drive for the Peel Children’s Aid Foundation. We managed to raise over 100 items such as new toys, books, clothes, winter clothing and baby necessities.

If you’d like to find out more about PCAS or the Holiday Wishes program please visit the links below.

https://cause2give.unxvision.com/P2PWeb/Default.aspx?EventId=958&LanguageId=1

http://peelkidsfoundation.ca/Events/event.aspx?id=162

 

Holiday Wishes Drive Final 1

Cyber Attack of VTech Exposes Millions of Parents and Children

 

Ranking as one of the largest data breaches of the year and one of the first to target children, VTech has confirmed (via an FAQ about their data breach(3)) that on November 14, an unauthorized party accessed data on their Learning Lodge app store customer database and Kid Connect servers. In total over 4.8 million customer (parent) and 6.3 million child profiles have been compromised. The database stores information such as names, email addresses, passwords, password reset questions and answers, IP addresses, mailing addresses, child profiles (names, age, genders, and birthdates) and the download history for an account(2). Credit card information was not stored on the compromised servers so credit card details were not included in the attack.

The hack calls into question VTech’s security practices, which security researcher Troy Hunt(1) revealed that VTech demonstrated a “total lack of care” in securing customer data. This will be a call for many major international organizations to rethink their current information security safeguards as CyberSecurity attacks have become more and more prevalent. Large businesses like Sony, Home Depot, Target, Ashley Madison, and even the IRS have succumbed to information breaches in 2015 alone.

For better or for worse, “these types of breach notifications may become even more frequent in Canada depending on when Mandatory Breach Notification Bill S-4 will be enforced” says Eugene Ng, CIO of NCI. Ultimately, consumers can never be too careful when giving out personal information to any company, it is something everyone should be weary of. As such, companies should take all possible measures to secure their information and NCI can help solidify your CyberSecurity posture with assessments such as our Maturity and Threat Analysis™.

  1.        http://www.troyhunt.com/2015/11/when-children-are-breached-inside.html
  2.        http://www.cbc.ca/news/technology/vtech-data-breach-1.3345362
  3.        http://www.vtech.com/en/media/faq-about-data-breach-on-vtech-learning-lodge/

NCI hosting 2015 Holiday Wishes Drive

Holiday Wishes 2015 Logo

 

We are excited to be hosting our second  Holiday Wishes Donations Drive for the Peel Children’s Aid Foundation.  NCI hosted one last year and it was a great success. Even some of the little ones at home wanted to participate and gather toys!

Peel Children’s Aid Foundation is a non-profit organization to help children that are living in poverty, and in neglected or abusive situations.
Peel Kids offers a variety of services for children of all ages, including food donations, clothing and several programs to educate and provide counselling/support.
For more information please click here http://peelkidsfoundation.ca/index.aspx

Our Holiday Wishes Drive has started and will be running until November 30th.
If you would like to participate and put a smile on a child’s face this Christmas, please feel free to bring a donations to NCI Headquarters. All proceeds will be going to Peel Children’s Aid Foundation.

Here is a list of most needed items:
Infant, Toddler and Children’s Clothing (New, unused Items)
Infant, Toddler and Children’s Toys/Books (New, unused Items)
Grocery Store Gift Cards (Food Basic, No Frills, Loblaw’s, Sobeys, Superstore)
Baby Necessities (Diapers, Clothes, Baby Formula)
Soccer Balls, Basket Balls
Stuffed Animals
Popular Character Toys (Frozen, Teenage Mutant Ninja Turtles, Thomas Tank Engine, Elmo etc)

Here’s an update of where we are at with our Holiday Wishes Drive. It’s early yet so we are expecting many more donations!

Nov 10

(collection as of Nov 10/15)

If you’d like to participate and bring in your own donations, or have any questions please email Stephanie at  sdrooff@nci.ca