The CPCSC Is Live
What Canadian Defence Suppliers Need to Do Next Nitin Bedi, ISA Cybersecurity’s VP, Services revisits the Canadian Program for Cyber Security Certification (CPCSC) as Phase 2 of the rollout takes effect, and outlines the practical steps organizations should be taking right now. Amid all the attention on Mythos Preview and Project Glasswing in early April, […]
The Preventable Breach: The Importance of Strong Vulnerability and Patch Management
The Importance of Strong Vulnerability and Patch Management The digital forensics team’s report lands on your desk in the quiet aftermath of a data breach. You open it, scanning past timelines and technical details, searching for the answer everyone’s been asking: How did they get in? Your heart sinks when you realize that the attacker […]
Mythos Preview and Frontier AI: From Uncertainty to Action
The conversation around Anthropic’s Mythos Preview, a new Frontier AI system, has escalated quickly. It has created a fundamental shift in cybersecurity and cyber risk at large. But amid all the noise and ambiguity, there are practical ways to manage this new risk. Background: Mythos in a Nutshell Mythos autonomously discovered thousands of zero-day vulnerabilities […]
The Day Cybersecurity Changed Forever
What Anthropic’s Project Glasswing Means – and What Canadian Organizations Must Do Right Now By Andrew Buckles, EVP, Services, ISA Cybersecurity For those close to me, this won’t come as a surprise: I think about AI every single day. The novelty of it fascinates me. Not just because of what it can do today, but […]
OSFI E-23 in Practice: What Model Risk Compliance Really Looks Like
If you lead risk, compliance, or information security at a Canadian financial institution, OSFI Guideline E-23 – Model Risk Management (MRM) – is one of your most immediate AI governance obligations. Effective May 1, 2027, it applies to all federally-regulated financial institutions (FRFIs) and sets out formal expectations for how AI and machine learning models should be governed across the enterprise. This article covers what E-23 actually requires, where institutions […]
Taming the Flood: Bringing Order out of Chaos in Your Security Data
Today’s security teams aren’t short on data – they’re overwhelmed by it. Logs stream endlessly from cloud platforms, endpoints, networks, identity systems, and hundreds of additional sources. Each promises insight. Collectively, they create noise. The stakes are rising fast: in 2025, the average cost of a data breach in Canada reached CA$6.98 million, a 10.4% […]
AI is the New Threat Surface
Why Canadian Organizations Must Rethink Cybersecurity in the Age of AI In June 2025, a single email compromised Microsoft 365 Copilot. The vulnerability, dubbed EchoLeak (CVE-2025-32711), required no clicks, no attachments, no user interaction whatsoever. The AI assistant simply processed the malicious email as part of its normal operation – and silently exfiltrated emails, documents, […]
AI+ vs. +AI: Building a Future-Proof AI Architecture
Artificial intelligence is reshaping how organizations modernize… but not all modernization is created equal. Consider this tale of two companies who pursued AI in different ways – and with different results. Once upon a time, two companies set out to modernize their operations with artificial intelligence. Both had the same ambition: to become faster, smarter, […]
ISA Cybersecurity Joins the Microsoft Intelligent Security Association (MISA)
ISA Cybersecurity today announced it has become a member of the Microsoft Intelligent Security Association (MISA), an ecosystem of software development companies and security services partners that have integrated their solutions with Microsoft Security technology to better defend our mutual customers against a world of increasing cyber threats. With Canadian enterprises and public sector organizations […]