Blog

Cybersecurity: A journey, not a destination

On November 3, 2020, higher education institutions from across Ontario gathered online for ORION’s inaugural ON-CHEC Day. The theme, Cybersecurity: A journey, not a destination, got at the crux of the cybersecurity challenge for this sector: no matter how far we’ve come, there’s more to do. We talked about cybersecurity challenges in the North, cyber safety in a pandemic, how shared cybersecurity worked for Ontario higher education, and how higher education can secure their digital transformation. In this way, ON-CHEC members helped each other on their own journeys.

Cybersecurity: We are all in this together

As Alfonso Licata, our President and CEO said in his opening remarks about the agile transition from our eight-institution Shared CISO pilot to the first-of-its-kind expanded Ontario Higher Education Cybersecurity Consortium (ON-CHEC), “I couldn’t be MORE proud of our journey.”

A picture of a Zoom session from ON-CHEC Day

A screenshot of our session, “Cyber safety in a pandemic” featuring John Levay, John Tziortzis, Isaac Straley and Tariq Al-Idrissi.

We toured Canada’s national cyber landscape from the comfort of our offices and armchairs to see how the ON-CHEC program fits in. Through collaboration, ORION has been working with organizations all over Canada to strengthen our collective cybersecurity landscape, creating smooth intersections for ON-CHEC members.

Key learnings

As members and other cyber experts shared experiences and challenges, it was easy to see three recurring themes that, happily, interrelate and will help drive ON-CHEC strategies.

  1. Access to more cybersecurity talent is critical
    • Whether you’re in Southern or Northern Ontario, resources and expertise in cybersecurity is an issue. In the South, the talent pool is large, but hiring is difficult with a limited budget when there are so many other companies competing for the same skilled resources. This also makes long-term staff retention difficult. In the North, the talent pool is tiny and institutions don’t have the budgets for re-location. Given a choice to relocate, skilled talent may opt for regions with more cultural opportunities. However, our Northern IT leaders all agreed that, once someone arrives, they’re typically in for the long-run. The opportunity here is to draw on our historical strengths and work on shared solutions, especially as remote work becomes more common and supported.
  2. Shared cybersecurity approaches are greater than the sum of their parts
    • As resourcing was an issue for all institutions, providing advice and guidance to other members has been key. Many institutions have staff that wear several hats within their institutions so learning from other members and from the ON-CHEC program have helped them deal with some of the shortcomings.
    • ON-CHEC’s recommended common framework is used by a majority of the member institutions. Combined with the annual self-assessment, which enables benchmarking between members, and the associated dashboards and advice, the shared approach has helped strengthen members’ cybersecurity governance and programs. The consortium has also had access to shared cybersecurity services in the form of pilots, proof of concepts and ancillary services like DDoS protection.
    • As individual institutions they may be improving, but as a consortium, they are powerful. Collaborating means learning from other members experiences and not reinventing the wheel. Which can help support our next theme.
  3. Be proactive and move faster
    • Have a plan, secure your systems, review and test your plans, and have adequate cyber insurance. A breach makes for tough lessons to learn from and can be even more difficult to recover from in absence of preparation. Don’t make the mistake of thinking it won’t happen to you. It’s not “if” it’s “when”—and having your plan in place can make a huge difference in the level of business disruption.
    • We need to move faster with cybersecurity. The landscape is always evolving, and it does so quickly. Much time is spent talking and strategizing about collaborative and effective approaches, but we need to move faster with solution implementation to keep up. Collaboration moves at the speed of trust. Now that the ground work has been laid, we expect to see our agility improve.

The ongoing journey of ON-CHEC

An infographic about cybersecurity services provided by ON-CHEC

Click to view some statistics about the ON-CHEC program and its impact.

When we launched ON-CHEC a year and half ago, it was born out of recommendations from our community. Ontario’s higher education community needed cost-effective cybersecurity guidance, programs and services. As we continue engaging with our community to understand their needs​ as well as enabling and supporting national community cybersecurity programs, we know we are on a journey.

This is the fundamental concept behind our cybersecurity vision, and everything else we do to support our community. We held ON-CHEC Day because the consortium wanted it. They wanted to connect with other members and hear about their challenges and solutions, and consider other ways they might collaborate. As Michelle Moore of Humber College said in her closing message, members’ participation in ON-CHEC Day and ON-CHEC generally “has helped all of us on our journey. It’s a journey to improved cybersecurity for ALL of Ontario’s higher education. It’s a journey that’s better, safer and STRONGER together.”

Are you an ORION constituent in higher education? You can be a member too

Everyone is going through cybersecurity issues, no matter how big, small or the location of their higher education institution. As a community our greatest strength is sharing information, experience and being there for one another, because knowledge is power.

For more information on ON-CHEC or how to become a member, and ORION’s cybersecurity services, please visit: https://www.orion.on.ca/about-us/orion-cybersecurity/