If you would like to get a quote from us, or input/background, or ideas for a story, drop us a line at info@headfry.com - leave us a number, and we will give you a call back.
Thanks for taking an interest.
Mary was the opening speaker for the 'Compliance' stream at the recent InfoSecurity Canada Conference in Toronto, discussing Regulatory Compliance Issues and Security.
She spoke at the SNIA (The Storage Network Industry Association) 'Security Summit' on June 2, 2005 at Carnegie Mellon University, Pittsburgh, on the topic: Talking Compliance and Debunking Myths.
She spoke at the Tom Ridge (first US Homeland Security Secretary) event at the Toronto Speakers Forum on May 11, 2005 on the topic: Technology Imperatives & Counter-Terrorism: The Problem or the Solution?
She has appeared on RoB TV and Global News in Canada, public radio, and been quoted in the Irish Times,
The International Herald Tribune, the Financial Times, numerous financial and banking journals, and extensively
in the media in Canada.
"Unless you get senior management to accept accountability for these types of processes and procedures,
nothing happens," Ms. Kirwan says. "You end up with some poor IT guy toiling in the basement trying to
implement complex security requirements. Without support from the top down, it's really a complete and
utter waste of time."
When it comes to establishing a sound security strategy, Ms. Kirwan has this advice for executives:
View it not as a burden, but as a benefit. "Many companies are trying to get more exposure and business
through an Internet strategy," she says. "They stand to lose an incredible amount if someone screws up."
National Post - 24/2/04
"Companies you would expect to know better do not have information security policies in place; do not have
people who are responsible for information; and there is a dissociation between senior management and
security personnel," Ms. Kirwan said. "What we have to do is establish a culture of security in Corporate
Canada."
Globe & Mail 04/02/04
"Identity theft is one of the areas of consumer fraud that is increasing in an enormous way," said
Mary Kirwan… The best protection, she said, is to be careful.
Use only secure servers when shopping online, contact credit card companies when bills don't show up on time and every so often, ask a credit agency for a copy of recent requests for credit history, she suggested.
"We all have to live, so you can't afford to be overly paranoid," Kirwan said. "But a little bit of
paranoia can go a long way."
Canadian Press – 30/01/04
"Unfortunately, sometimes companies put in every type of security you can think of, then they forget that
sometimes the biggest weak link is their employees," says Kirwan. "Insider attack is usually the vulnerable
point.
"You could have a lot of good security (but) you might not have proper policies and procedures in place
in terms of your employees. You might just have a few bad eggs."
Business.ca - 14/02/04
"Everyone has a role to play in securing their own piece of cyberspace," says Mary Kirwan… Her concern is
not that terrorists could take down the entire infrastructure in a single attack. But she warns that a
concentrated attack on a single telecommunications company or some other key hub in electronic networks
could have a cascading effect and bring all kinds of interconnected computer systems to a standstill.
Given that there have already been many cases of widespread random mischief caused by so-called worms or
viruses, malicious code transmitted over the Internet, Ms. Kirwan says, "a targeted virus could wreak havoc."
With the Internet linking trading partners, businesses, consumers and government agencies throughout North
America and the world, a cyberwar would respect no boundaries and terrorists might attempt to bring networks
down by attacking the weakest link in the chain of interdependencies, Ms. Kirwan says.
"A Canadian company has to be concerned that it may be the weak link in a relationship with a U.S. trading
partner," she says.
Ms. Kirwan notes that cyber attacks often surreptitiously co-opt the resources of thousands of computers
in so-called zombie assaults on a single target. For example, a denial of service attack can be launched
by getting each zombie computer to send a stream of electronic messages, so that the target is overwhelmed
with millions of incoming e-mails.
For those who do not feel that it is their patriotic duty to secure their computer systems, there are also
compelling business reasons to do so, Ms. Kirwan says.
For one, there may be legal liability involved in a lack of vigilance that results in your organization's
computer system being used to launch an attack on your trading partner and the data that you store in your
computers may well belong to your clients, suppliers or partners.
"So it is probably an ill-judged decision to say that you have no role to play or that there is no price
to be paid for a lack of attention to security," she says.
Ms. Kirwan urges businesses to review the value of the information that is stored in their computer
systems and encrypt their sensitive data, paying particular attention to the access data that a
cyber-terrorist or any other hacker might use to gain control of critical functions.
Report on Business magazine (Globe & Mail) - 24/03/03
Mary Kirwan, a lawyer and security specialist, said there's great demand among organized crime for such
personal information because it can be used for various fraud scams, including "skimming" the Internet for
credit-card numbers. She cited a recent case involving a major U.S. insurance company, in which an employee
stole personal information and was caught trying to sell it for $50 (U.S.) for each person's data.
"There is a price that will be paid by many groups," said Ms. Kirwan. "There is a very big demand
among organized-crime syndicates and credit-card scam artists for the information -- so much that
there's a black market for the information."
There's also no shortage of places to buy fake documents or generate false SIN cards, particularly
over the Internet.
Ms. Kirwan said the market for selling personal data has grown quickly in recent years. "It's
getting quite scary," she said. "It's not just juvenile hackers doing this for fun."
Globe & Mail - 27/05/03
Ms. Kirwan's experience is that most cases of theft of proprietary information and identity theft are
inside jobs done by disgruntled employees, and denial-of-service attacks are usually the work of "script
kiddies," young amateur attackers who download a malicious program from the Internet and launch non-profit
attacks purely for bragging rights to their friends, a form of vandalism.
Ms. Kirwan wisely advised that we should not rely on surveys such as the one put out by CSI/FBI until
insurance companies weigh in; insurers require hard figures before their underwriters can assess the
risks accurately enough to set premiums. The reason they haven't done so is because they don't trust the
figures.
05/06/03 – Globe & Mail
Mary Kirwan, a lawyer and security specialist, said no information is more personal than health records,
particularly for people with disabilities.
"The most sensitive information would clearly be health records," said Ms. Kirwan. "It's the core of
your being."
Governments need to review the safeguards that surround personal data, she said. "Government is a
custodian of the most sensitive data that exists."
The stolen information can be used in ways that create "quite a lucrative business model," Ms.
Kirwan said.
In each of these recent cases, the government has offered the victims new social insurance numbers.
Ms. Kirwan said criminals are often one step ahead of police in the fast-changing area of electronic
crime.