A year has passed since the federal government announced a cybersecurity certification program for small and medium-sized businesses (SMBs), but only three organizations have passed so far.
To put things into perspective, there are about 1.15 million small businesses and another 21,000 medium-sized businesses in Canada, IT World Canada reported.
A business has to prove it meets the security controls set by the government to attain the CyberSecure Canada certification. Requirements include proving the organization has an inventory of IT assets, having an incident response plan, securely configured devices, use of strong login credentials, basic perimeter defenses, encrypted critical data, having a backup plan, and so on.
The limited number of certifications comes as a surprise considering the initial interest in the program.
According to the Ministry of Innovation, Science and Economic Development (ISED), which oversees CyberSecure Canada, there was some interest in the program. There have been more than 500 inquiries about the program, and roughly half asked about how to achieve certification, ISED said. 32% said they wanted to know how to become a certification body, while 19% had general questions.
“The government is pleased with the progress to date,” ISED spokesperson Han Parmar said in an email statement, adding that some companies have just been already certified. The spokesperson added a final national standard is being drafted by the CIO Strategy Council for the Standards Council of Canada, which will be revealed sometime late next year or early 2022.
“Our next phase, now that we’re up and running, is to launch a major public outreach, engagement, and awareness-raising campaign to ensure businesses are aware of this initiative and the benefits it can provide,” the spokesperson said. The awareness campaign is expected to start late this year or early next.
There were even issues with the auditors for the certification program. The CyberSecure Canada certification initially launched with six IT service firms that could perform the audits. But since then, two of the IT firms – Bell Canada and Siemens Canada – have dropped support.
