Highlights from Toronto Security Conference 2023
The Toronto Security Conference 2023 brought together security professionals from across Canada and beyond to discuss the evolving threat landscape. Several key themes emerged during the three-day event, including the rise of AI-powered threats, the growing importance of supply chain security, and new approaches to security awareness training.
AI-Powered Threats: The New Frontier
One of the most discussed topics at the conference was the increasing sophistication of attacks powered by artificial intelligence and machine learning. Speakers highlighted how adversaries are using AI to:
- Generate highly convincing phishing emails that evade traditional filters
- Automate reconnaissance and vulnerability discovery
- Create deepfakes for social engineering attacks
- Adapt malware behavior to evade detection
Dr. Sarah Johnson from the University of Toronto presented research showing a 300% increase in AI-assisted attacks over the past year. "What makes these attacks particularly concerning," she explained, "is their ability to learn and adapt in real-time to defensive measures."
"We're entering an era where the speed of attack and defense is outpacing human capabilities. Organizations that don't incorporate AI into their security posture will increasingly find themselves at a disadvantage."
Supply Chain Security: The Weakest Link
Another major focus was the continued evolution of supply chain attacks. Following several high-profile incidents in the past year, speakers emphasized the need for organizations to gain better visibility into their software dependencies and third-party vendors.
Michael Patel from the Canadian Centre for Cyber Security outlined a new framework for supply chain risk management that includes:
- Comprehensive software bill of materials (SBOM) requirements
- Continuous monitoring of third-party security postures
- Segregation of supplier network access
- Regular tabletop exercises simulating supply chain compromises
Panel discussion on supply chain security featuring experts from government and private sectors.
Security Awareness: Beyond Compliance
A refreshing number of sessions focused on moving security awareness beyond compliance checkboxes to creating meaningful behavioral change. Presenters shared case studies of organizations that have successfully fostered security-minded cultures.
Key strategies included:
- Personalized training based on role and risk profiles
- Gamification elements that reward secure behaviors
- Just-in-time training delivered at moments of risk
- Executive involvement and visible commitment
Our team participated in several workshops demonstrating these approaches, and we're excited to incorporate these techniques into our own community education initiatives at DC416.
Looking Ahead
The conference concluded with a forward-looking panel featuring CISOs from major Canadian organizations. The consensus view was that while threats continue to evolve in sophistication, the security community is responding with increased collaboration and innovative defensive strategies.
We're already planning our community discussions around these topics at upcoming DC416 meetups. If you're interested in diving deeper into any of these areas, join us at our next event where we'll be hosting a workshop on identifying and responding to AI-powered phishing attempts.
