The Day Cybersecurity Changed Forever
What Anthropic’s Project Glasswing Means – and What Canadian Organizations Must Do Right Now By Andrew Buckles, EVP, Services, ISA Cybersecurity For those close to me, this won’t come as a surprise: I think about AI every single day. The novelty of it fascinates me. Not just because of what it can do today, but […]
OSFI E-23 in Practice: What Model Risk Compliance Really Looks Like
If you lead risk, compliance, or information security at a Canadian financial institution, OSFI Guideline E-23 – Model Risk Management (MRM) – is one of your most immediate AI governance obligations. Effective May 1, 2027, it applies to all federally-regulated financial institutions (FRFIs) and sets out formal expectations for how AI and machine learning models should be governed across the enterprise. This article covers what E-23 actually requires, where institutions […]
Why Critical Infrastructure Must Prioritize Cybersecurity
By Enza Alexander, Executive Vice President, ISA Cybersecurity This article was originally published in the CCN report “State of OT: Securing Canada’s Critical Infrastructure” in September 2025. From power grids to hospitals, our modern world depends on operational technology (OT). But as these systems become more connected to traditional IT networks, they also become more exposed to today’s relentless cyber threats. […]
Taming the Flood: Bringing Order out of Chaos in Your Security Data
Today’s security teams aren’t short on data – they’re overwhelmed by it. Logs stream endlessly from cloud platforms, endpoints, networks, identity systems, and hundreds of additional sources. Each promises insight. Collectively, they create noise. The stakes are rising fast: in 2025, the average cost of a data breach in Canada reached CA$6.98 million, a 10.4% […]
AI is the New Threat Surface
Why Canadian Organizations Must Rethink Cybersecurity in the Age of AI In June 2025, a single email compromised Microsoft 365 Copilot. The vulnerability, dubbed EchoLeak (CVE-2025-32711), required no clicks, no attachments, no user interaction whatsoever. The AI assistant simply processed the malicious email as part of its normal operation – and silently exfiltrated emails, documents, […]
AI+ vs. +AI: Building a Future-Proof AI Architecture
Artificial intelligence is reshaping how organizations modernize… but not all modernization is created equal. Consider this tale of two companies who pursued AI in different ways – and with different results. Once upon a time, two companies set out to modernize their operations with artificial intelligence. Both had the same ambition: to become faster, smarter, […]
Security Awareness: The Easiest, Smartest Cyber Investment You’re Not Making
Cybersecurity isn’t just an IT issue – it’s a business continuity and resilience imperative. With one in five malicious emails still making it past filters, human judgement is a critical control point. This challenge is only intensifying as cyber criminals are using AI tools to craft flawless, personalized phishing emails that may slip past traditional […]
Zero Trust: The Key to Modern Cybersecurity and Risk Management
In a world in which users, devices, and data can be anywhere, the old “protect the perimeter” approach to security no longer works. That’s why Zero Trust has become a critical component of any organization’s security maturity journey. By adopting a “never trust, always verify” philosophy, you can significantly enhance your defenses against sophisticated cyber […]
PromptLock – the first AI-powered ransomware strain
Security researchers at ESET have identified “PromptLock”, which they are calling the first known strain of AI-powered ransomware. While still a proof of concept with no observed active usage in the wild, PromptLock represents a disruptive shift in ransomware tactics: it dynamically generates malicious scripts via an LLM rather than delivering static malware code. This […]