COVID-19: BlackBerry, Citrix among firms seeing leap in remote access solution sales

With Canada’s Chief Public Health Officer urging Canadians to avoid gatherings of 50 people or more to limit the spread of COVID-19, IT leaders without pandemic business continuity plans — or who have discovered their plans are out of date — are rushing to put together remote access capability so employees not already doing so can work from home.

One sign: On Monday service at Microsoft’s Teams was briefly sporadic, perhaps reflecting increased use from remote workers.

Another: Over the weekend, the staff at remote desktop service provider Citrix had to work long hours to meet customer demand.

“Demand is absolutely through the roof,” Ed Rodriguez, vice-president and general manager of Citrix Canada, said in an interview Monday. He didn’t cite specific numbers.

Also:

COVID-19

“About 10 days ago worldwide Citrix saw a very significant uptake in queries [about products and services], followed by customers asking for quotes. Then seven days ago that accelerated into lots of demand by customers. Many are taking initiatives [now] to make sure work from home is capable on the infrastructure side and then rolled out.

“I think a lot of the go-live for work from home projects is actually today [Monday]. Quite a number of organizations across Canada have gone full-fledged work from home [now].”

That doesn’t mean it’s too late for organizations that have not already prepared for remote work. But they may find it harder to get time with consultants to help ensure they have secure and effective connectivity. Often software-as-a-service offerings for remote desktop access and collaboration tools will be the fastest option.

Some firms “are scurrying now to figure it out and are leaning on subject matter experts to help them get through this as soon as possible,” said Rodriguez. That includes assessing what needs to be done, any changes to the technology stack that may be needed and processes that may have to be altered or invented to make remote work as productive as office work was before.

“We probably went from 20 per cent of organizations in Canada two weeks ago thinking and starting to really prepare,” Rodriguez estimates, “to 50 per cent last week. Now, 75 to 80 per cent are starting to make those plans a reality. The last 20 ought to start making those plans now.”

The longer those firms wait the harder it will be for them, he added.

Like Citrix, BlackBerry is among the vendors reporting a sudden leap in demand for remote solutions. Alex Willis, the company’s vice-president of global sales, said in an interview this morning there’s been a big spike in sales recently for BlackBerry Digital Workplace. It’s a $99 a user a year managed bundle that includes BlackBerry Desktop (extends corporate data to remote PCs for email, calendar and secure browsing), an antimalware from its recent acquisition of Cylance and integration with a product Awingu, a web-based front end to a virtual desktop infrastructure. No VPN is needed, he added.

Digital Workplace was launched early last month to meet the general demand for remote desktop solutions, Willis said. But shortly afterwards when COVID-19 turned into a pandemic sales lept. He didn’t give specific numbers.

All IT needs to do is provide a link to home users to download Digital Workplace. Willis said download, install and activation can take five minutes.

Related

Cisco offers free WebX licences

Last week Gartner analysts told IT World Canada that organizations heavily using cloud applications will find it easier to have staff shift to work from home, as long as enterprise security isn’t put at risk from home computers with vulnerabilities.

For CIOs/CISOs who are only starting to think of what to do, Tony Anscombe, chief security evangelist for antivirus provider ESET offers this advice. Broadly speaking there are three categories of office workers, he said in an interview:

• Staff who regularly work remotely (presumably with company-owned or controlled laptops whose devices have to be secure. They’re no problem because these devices live outside the network already. They may already have full-time data encryption, a VPN and multi-factor authentication, and no IT work is needed;
• Staff who are “semi-mobile,” meaning they use laptops in several locations within the office. IT may need to take extra precautions now that those devices will connect from outside the corporate network;
• Those who only use a desktop or laptop computer at one location in the office. These people will be the most risk to the organization because their home computers — or office PCs they are allowed to take home — have to be protected.

IT may have to install a VPN if access back to a data centre is needed, and mandatory full-disk protection — if possible — may also be needed to protect corporate data, in case it’s stolen. In addition, a solution for scanning and auditing new devices for vulnerabilities if they have to connect back to a data centre would also be useful.

If a VPN is needed, the CISO will have to ensure it is capable of multi-factor authentication through an app (like Google Authenticator or Authy) and not a text message, which can be intercepted.

Related:

How IT leaders can prepare

Other suggestions are turning off Windows remote desktop protocol if possible and the ability to plug in USB keys, which could transmit infections to the corporate network, and remind employees to log off when their computers aren’t in use to prevent family members from using them to download something that could infect the network.

Remind employees who will work remotely of the need to work as safely from home as they do in the office. That means being aware of malicious email and text messages — particularly those offering COVID-19 “information.”

Finally, Anscombe says that because the crisis may last weeks remote employees may slowly forget the discipline of working from the office, so he suggests managers be told to start with a team call every morning. “Understand what everybody’s going to be doing that day, because once you lose social action it may be challenging to self-motivate.”

Making sure home computers that will be used for remote connectivity are safe — meaning they have been patched and scanned for viruses is crucial. In some cases, CIOs/CISOs will have to add scanning capability through software-as-a-service mobile/enterprise device management solutions such as SOTI, IBM MAAS360, MobileIron, BlackBerry and others.

Ken Ammon, chief strategy officer of OPAQ, a security-as-a-service provider, said recently his firm blocked a PC of a new user who worked for a European software developer. The customer had sent staff to work from home due to the pandemic, but when this user tried to connect to the corporate network for the first time OPAQ discovered the computer was “completely infected.” The user couldn’t go further until the machine was cleansed.

He worries that the computers of many home users also have many vulnerabilities that CISOs aren’t prepared to detect. He also wonders if new VPN users working from home will understand the need to turn it off when not accessing the corporate network or corporate cloud services. “I find it unlikely that the average user in this short time frame is going to grab that level of training and knowledge to navigate a VPN.”

The other problem, Ammon said, is that for compliance purposes some organizations need applications that constantly monitor user devices. That’s fine when the device is corporately-owned. However, if IT has users install an application on a home computer for remote workers for the same purpose some users may balk at, in effect, being monitored all the time. Those users need to be trained in turning off the application when the computer is used for personal surfing and turned back on when it’s used for accessing corporate assets.

Maple launches free online screening and consultation solution in response to COVID-19

While health officials do their best to provide answers to the public about COVID-19, virtual healthcare solutions provider Maple is doing what it can to quell those concerns by launching a free online screening tool and access to a live doctor for residents of Ontario.

Starting March 17, Ontario residents with a valid health card will be able to access these consultations from getmaple.ca and speak to a doctor through either an audio or video channel to discuss their symptoms and whether or not they should go for further testing or treatment. The solution is covered by OHIP

Following the appointment, people can have their results faxed over to their family physician or a local screening centre for next steps.

“Connecting concerned patients, who are receiving conflicting information from every angle, with licensed Canadian doctors from the safety of their homes is simply the right thing to do,” said Dr. Brett Belchetz, the chief executive officer and co-founder of Maple, in a press release. “We’re already seeing a strong increase in the need for virtual health services across the country. We hope that in the coming weeks, other provincial governments will follow Ontario’s example and open billing codes to allow video or telephone programs to expand across the country. It’s the best way to ensure safe access to healthcare in this time of self-isolation and social distancing.”

This is not yet available in other provinces due to healthcare plan laws and regulations not allowing for physicians to bill for online appointments, the company noted.

Maple will also provide its virtual clinic software to all Ontario and B.C. physicians at no charge.

from IT World CanadaIT World Canada https://ift.tt/38UWlv1

The bad guys are arming themselves with AI, but so are we, says Darktrace’s country manager for Canada

David Masson is confident that the use of sophisticated artificial intelligence by hackers is not a matter of if, but a matter of when.

The Canadian country manager for security firm Darktrace, who has been involved in cybersecurity since the Cold War, is adamant that the same algorithms that helped Darktrace develop intelligent defence capabilities that mimic the human immune system will be used by hackers to deliver massive blows to enterprises and public infrastructure.

“Now, we as a company use AI to protect organizations and networks. But what we have to consider is that the bad guys, the threat actors, they too, are going to start using artificial intelligence,” said Masson, who is also the company’s director of enterprise security. “And this has major implications for the cybersecurity industry right around the world and for all of us. But it’s once the threat actors start using AI…they’re going to be able to carry out very complicated and sophisticated attacks at machine speed, and human beings will not be able to counter them themselves. Human beings will need to use AI to fight AI now.”

David Masson, country manager for Darktrace in Canada.

It’s this thought process that has helped Darktrace elevate itself to new heights in Canada. The company entered the country in 2016, with an office in Toronto, and now has offices in Vancouver and Ottawa as well. It currently stands at an employee base of 30 in Canada, and a client base of 250, having attracted 110 clients in the last year alone.

The cybersecurity firm launched out of the University of Cambridge in 2013, and today has a second headquarters in San Francisco and more than 30 other locations and 600 employees worldwide.

Masson’s extensive experience working for Public Safety Canada, the U.K. Ministry of Defence and Royal Auxiliary Air Force uniquely positioned him to lead Darktrace’s impressive growth in Canada, seeing the company sign two new customers per week. Having spent most of his career working in the national security both in the U.K. and in Canada, Masson describes himself as a risk manager.

“I’ve seen cyber go from analogue to digital…and cyberattacks have been going on for a long, long time, long before the internet ever came along, but the internet is going to make them so much easier. And basically, I spent most of my career being a risk manager. That’s one way to look at managing risk,” he said.

Now in the private sector, Masson manages cyber risk. And when it comes to risk, Masson said it’s important to remember that risk is made up of two issues. One is the cyber threat that individuals and organizations face, and the other is their vulnerability to that threat. In the government, he says, both vulnerability and the threat can be tackled. So, for instance, nations can arrest people and lock them up, take sanctions against those nations who carry out cyberattacks. But in the private sector, he says, that can’t be done. And what really needs to be done in the private sector is concentrate vulnerability to this threat.

“That’s basically what I do now with Darktrace. And with Darktrace we focus on our vulnerability to the threat. Using AI, we’re much better protected than we would otherwise be,” Masson explained.

Ransomware hasn’t reached its peak in Canada

Talking about cyber trends in Canada for 2020, Masson mentioned that the Canadian market hasn’t seen ransomware reach its peak yet. Ransomware has been an issue for many years, and it gets an awful lot of publicity. Curiously, over the last couple of years, he said the number of ransomware attacks has dropped, but their impact has become much more intense.

“The attacks are becoming increasingly sophisticated and will be turbo-charged by AI in the near future,” he said.

Although the number of new ransomware families declined, there was a rapid increase in the overall number of ransomware detections among municipal organizations in 2018 and 2019, according to Trend Micro’s 2019 midyear security roundup. High profile threats, such as LockerGoga ransomware, RobbinHood ransomware and Ryuk ransomware, still remained and continue to cause havoc today.

“I don’t think it’s finished yet. I think we’re going to see a bigger increase in ransomware attacks this year,” Masson said.

Related:

Think you’re using AI effectively in security? You’re probably not, says security expert

 

Added focus on protecting operational technology (OT) will be critical this year as well.

“The problem with OT networks is that they were never designed with security in mind, they used to be completely air-gapped and separated from the internet. But that is no longer the case. Because they’re now connected to the internet, they’re very, very vulnerable to cyberattack. And I think we’ll see more focus on that in this year,” Masson explained.

To improve stealth attacks, for example, hackers can use AI to create malware capable of mimicking trusted system components. Subsequently, as they blend with the security environment of an organization, they can execute undetectable attacks. For example, San Francisco-based online and mobile marketplace TaskRabbit – now owned by Ikea – was hacked in 2018, affecting 3.75 million contractors and app users, yet the attack could not be traced by investigators. More such sophisticated cyberattacks can be facilitated by AI, explained Masson.

“Sony Pictures was hacked a few years ago. To carry out that kind of attack, you need the resources, budget, and the manpower of a nation-state to do that kind of attack…very complicated, very sophisticated attack. But with AI, it will not be possible for anybody to carry one of those kinds of attacks. It will basically lower the barrier of entry to that kind of attack to criminal gangs and individuals will be able to buy the attack of the dark web and carry them out,” Masson explained. “And what you’ll actually see is highly sophisticated attacks, rather than just happening against one organization will be carried out against 10-20 organizations all at the same time.

from IT World CanadaIT World Canada https://ift.tt/2wUhp7f

Canada can learn from U.S. cyber report, says expert

Canadian political and cyber leaders can learn lessons from a new U.S. congressional report on how the U.S. federal government should defend against internet-based threats, says a security expert.

The report by the bipartisan Cyberspace Solarium Commission issued Wednesday is “pretty cutting edge,” said Christian Leuprecht a security and defence expert at Royal Military College and Queen’s University in Kingston, Ont.

“What the commission does is validate many of the moves Canada has already made, but it also shows that there’s a lot of ground left to cover. The government’s going to have to have a much more honest and open conversation with Canadians about this space so they understand it a human behaviour and is not a technical problem. Technology plays a role, but you can invest all the money in the world and you’re not going to get ahead.”

The report notes that about 95 per cent of successful cyber attacks are the fault of what he called “rookie mistakes that people making in configuring technology, or [poor] digital hygiene — not patching, retaining default passwords.”

Named after President Dwight Eisenhower’s 1953 Project Solarium on strategic challenges, the 182-page report makes 75 recommendations across the public and private sector, while presenting several draft bills and proposing changes to government departments and the creation of a National Cyber Director.

(There was a cybersecurity co-ordinator within the U.S. National Security Council, but it was eliminated in 2018).

“The reality is that we are dangerously insecure in cyber,” the executive summary says. “Our country has lost hundreds of billions of dollars to nation-state-sponsored intellectual property theft using cyber espionage. A major cyberattack on the nation’s critical infrastructure and economic system would create chaos and lasting damage exceeding that wreaked by fires in California, floods in the Midwest, and hurricanes in the Southeast.”

The 14 commissioners — four legislators from Congress, four senior Trump administration executive agency leaders, and six experts from outside of government — admit they didn’t agree on everything.

For example, they couldn’t make a firm recommendation on the controversial issue of whether the government should order tech companies to give law enforcement and intelligence agencies lawful access to encrypted devices. All they could do is provide a common statement of principles.

The report’s recommendations are group into six pillars:

• Reform the U.S. government’s structure and organization for cyberspace so decisions can be made quicker;
• Strengthen international cyber norms, or accepted rules of cyber behaviour, through enforceable agreements;
• Promote national resilience in critical infrastructure, which is the capacity to quickly recover from cyber-attacks;
• Reshape the cyber ecosystem by partnering with the private sector to encourage the baseline of security to rise;
• Improve collaboration with the private sector to not only help the government counter cyber threats but also help business understand them;
• Allow the cyber capabilities of the military to “defend forward” against threats and impose costs on attackers.

Canada’s strategy has a number of elements: An updated 2018 National Cybersecurity Strategy, which for years has included working with 10 critical infrastructure sectors (such as energy, transportation, healthcare, manufacturing and finance) to guide them on improving their cybersecurity and response, backed with a 2019 implementation plan; the merging of several federal cyber units in 2018 to create the Canadian Centre for Cyber Security for better advising the public and private sectors; the creation with the RCMP of a National Cyber Crime Coordination Unit (NC3) for handling complaints; and federal support for the Canadian Cyber Threat Exchange (CCTX), a threat information sharing service largely for the private sector.

However, the Centre for Cyber Security isn’t fully up to steam. A program to certify businesses as meeting minimum security standards has been launched, but won’t be really running until next year, and the RCMP’s NC3 won’t be until 2023.

Related:

Canada among countries promising to fight extremist content

 

All this is praised by Leuprecht. “There are some areas where we are exemplary, and the CCTX is a good example.” And so is the Canadian Centre for Cyber Security, once it’s fully operational, he added. “That is something lacking in the U.S.”

However, he complains “there’s lots of talk in Ottawa about resilience, but no one knows how to do it.”

When it comes to Canada’s critical infrastructure, there’s a lot of heavy lifting to be done, especially around the National Cybersecurity Strategy. “We’ve really left much of the private sector up to themselves to try and figure it out.”

He believes a cyber attack against the healthcare sector now during a serious outbreak of a flu-like virus would cause “chaos.”

Rather than act at the speed of cyber, he complained “we have a government structure set up to move at analog speeds. We need much more rapid decision processes, we need a more agile and flatter government” to respond to online threats.

from IT World CanadaIT World Canada https://ift.tt/2W32670

Huawei Mate 30 Pro set to debut in Canada without Google Services

The elusive Huawei Mate 30 Pro will finally be coming to Canada in May, as confirmed by Huawei in an interview with IT World Canada.

As Huawei’s best offer in the high-end smartphones market, the Mate 30 Pro packs a HiSilicon Kirin 990 processor, 8GB of RAM, and up to 256 GB of storage behind a 6.53-inch OLED display. The display rolls off on the edge, a design Huawei calls the waterfall display. Since there’s no room for a volume rocker, users need to double-tap the edge to summon it on-screen.

Notice how the screen curves around the edge, hence called the waterfall display. Photos by Tom Li.

The Mate 30 Pro carries a center-aligned square camera module with major improvements over the last-gen. It has a 40MP wide-angle camera, a 40MP ultra-wide camera, an 8MP telephoto camera, and a time-of-flight (ToF) sensor. For sports and wildlife shooting the main camera can record at a mind-boggling 7,680 fps for a fraction of a second.

The center-aligned circular camera module adds variety to the otherwise blocky body.

Since Google is still banned from doing business with Huawei, the Mate 30 Pro will ship without Google Play Services. Instead, the phone will come with Huawei’s AppGallery.

No volume rocker on the edges; just a simple power button.

First launched on Feb 24, the Canadian version of Huawei’s AppGallery is still in beta, but Huawei told IT World Canada that it already has over 19,000 apps. Speaking from a global scale, Huawei said that its AppGallery has been gaining 5,000 new apps per month. In addition, the company touts that there are now 26 million monthly active App Gallery users in Europe.

Despite the ban, Huawei’s EMUI 10 operating system is still built on Android 10, albeit built with the Android Open Source Project (AOSP).

While 5G is slowly being rolled out in Canada, Huawei has decided against releasing a 5G-equipped Mate 30 Pro in Canada.

Huawei has yet to announce an exact release date or official Canadian pricing.

from IT World CanadaIT World Canada https://ift.tt/3aHPhDg

Koodo admits February data breach, data already being sold on dark web

One of Canada’s three big wireless carriers was hacked last month, with the attacker making off with customer names and phone numbers for two months during the summer of 2017. The stolen data is already on sale online.

According to Bleeping Computer, Telus has begun notifying customers by email that a database of subscribers to its low-cost Koodo service about the violation of security controls.

The email says that on Feb. 13 an unauthorized third party using compromised credentials accessed the Koodo system and copied data for the months of August and September 2017. This data included customer mobility account number and telephone number. If that information changed since then, it wasn’t compromised.

However, account and phone numbers could be used by a criminal to switch a customer’s mobile to other numbers. That would enable the attacker to receive a two-factor authentication code if that safety capability has been enabled. As a result, Koodo said it has enabled the “Port Protection” feature on the affected accounts, which prevents attackers from porting a Koodo Mobile number to another carrier unless the account holder first calls and requests it to be done.

“We have found evidence that the unauthorized third party is offering the information for sale on the dark web,” the email to affected customers says. “With port protection in place, we do not believe that your information could be used for any fraudulent purposes. Nevertheless, we have reported this incident to law enforcement and the Office of the Privacy Commissioner of Canada and we are working closely with them on this matter.”

However, the news story also says the notice to customers advises them to stop using their mobile number as the second factor in a 2FA setup.

from IT World CanadaIT World Canada https://ift.tt/2vKo3gk

Security in Canadian financial services: Explore all the changes in a single day

Financial services is at a crossroads right now. One of the main challenges facing professionals in this industry is around moving to the future from the legacy they have today. But doing so is easier said than done, and with only 30 per cent of finance transformations delivering on the forecasted benefits to the business,…

from IT World CanadaIT World Canada https://ift.tt/39qDoBg

A new Google Cloud platform region to come to Toronto

Google Cloud is building a new platform region in Toronto to support its expanding customer base in Canada, the company announced in a blog post today. 

It will launch with the company’s core portfolio of Google Cloud Platform products, which includes Google Kubernetes Engine, Compute Engine, BigQuery, Bigtable, App Engine, and Spanner. 

Complementing Google Cloud’s existing Montréal region, which was opened in 2018 – marking the company’s official arrival in Canada – the new Google Cloud platform region in Toronto (with its three zones, similar to those in Montréal) will enable organizations across all industries and of all sizes to distribute storage and apps, safeguarding them against service disruptions. 

Google Cloud platform – Montréal

“Having already collaborated closely with the Google Cloud team in Montréal, where we’re headquartered, we look forward to their Toronto expansion. Google Cloud services are allowing us to bring a lower-latency travel planning and booking service to our customers. The second Canada region will allow us to extend that experience to more people around the world,” said Ken Pickering, chief technical officer of the travel-booking app, Hopper, in the blog post.

Google Canada also says that the Toronto region will provide distributed, secure infrastructure to help organizations meet disaster recovery and compliance requirements, which is something that its customers have been asking for, especially e-commerce providers, financial institutions, public sector organizations, and other organizations operating in highly regulated industries.

“System performance and security are critical for us…an organization that clears and settles hundreds of billions of dollars every day. Google’s new Toronto cloud region will help us continue to modernize our infrastructure, strengthen our resilience, and create a digital platform for innovation,” said Andrew McCormack, chief information officer at Payments Canada, a national payment clearing and settlement system. It leverages Google Cloud solutions like Apigee for digitization and management of its hybrid cloud environment.

Expected to be completed in 2021, the Toronto region – along with three additional cloud regions that Google announced today in Melbourne, Delhi, and Doha – will add to the company’s existing 22 cloud regions and 67 zones, all becoming part of its worldwide network of secure and reliable infrastructure. 

from IT World CanadaIT World Canada https://ift.tt/2PQT74T

Canada has highest wireless value among G7 nations: U.S. study

A new U.S. study commissioned by the U.S. Industry Association and the Cellular Telecommunications Industry Association (CTIA) says that Canada offers leading mobile propositions for consumers among G7 nations and Australia.

Out of 1,554 mobile plans offered by 213 mobile operators in 36 countries, Canadian mobile plans cost 4.7 per cent lower than other G7 countries and Australia for the same quality of service. Its value proposition bested all other G7 nations.

Source: U.S. Industry Association and the Cellular Telecommunications Industry Association (CTIA) – A Comparison of the Mobile Wireless Value Proposition.

When compared to 15 European Union countries and the U.S., Canada ranked 6th in mobile service value proposition. The model for this comparison used some estimated data for the EU countries and assumed they all share important commonalities.

In its abstract, the report stated that its goal is to offer a more complete comparison between U.S. mobile services and other countries. It factored multiple variables into consideration instead of relying solely on price.

“The [previous] studies’ simplistic analytical techniques assume a world where consumers are indifferent to all other competitive differentiators (i.e., monthly service allowance and quality differences) beyond price,” wrote the study abstract. “The price rankings also fail to consider the vast differences between the study countries that affect the building of networks.”

In order to offer this complete picture, the new U.S. study included plan attributes, network attributes, and country attributes along with pricing, which encompassed monthly recurring charges, net of taxes, and installation fees. Pricings were gathered from consumer-facing websites of 1,554 facility-based and MVNOs. The detailed methodologies and data selection process can be found in the full report.

Opensignal’s bi-annual report, published in February, concluded that Canada’s mobile performance is world-class, beaten only by South Korea. Measurements were sampled from devices in major cities including Toronto, Edmonton, Calgary, and others.

OpenSignal calculated Canada’s average wireless download speeds to be between 51.2Mbps (Rogers) to 75.0 Mbps (Telus), far ahead of the 41.6Mbps average stated in the U.S. report. Its 4G availability was 2.7 to 4.2 per cent short of the 95.4 per cent global average, however.

Last week, the Canadian Radio and Telecommunication Commission (CRTC) concluded a major hearing with Canadian telcos to evaluate the merits of enforcing MVNOs and the state of wireless competition.

from IT World CanadaIT World Canada https://ift.tt/2TyEWCH

‘Being a cloud-enabled government is a very positive thing for BC’: Insightful chat with CJ Ritchie, CIO at the Government of British Columbia

CJ Ritchie, the chief information officer at the Government of British Columbia, is a visionary leader taking a pragmatic view of what the future may hold for British Columbia.

from IT World CanadaIT World Canada https://ift.tt/2PIuIOG