{"id":213624,"date":"2026-05-14T03:00:00","date_gmt":"2026-05-14T07:00:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/14\/cybersecurity-without-borders-policy-tech-and-reality\/"},"modified":"2026-05-14T04:00:10","modified_gmt":"2026-05-14T08:00:10","slug":"cybersecurity-without-borders-policy-tech-and-reality","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/14\/cybersecurity-without-borders-policy-tech-and-reality\/","title":{"rendered":"Cybersecurity without borders: Policy, tech and reality"},"content":{"rendered":"<p><a href=\"https:\/\/securityjournalamericas.com\/cybersecurity-policy-tech-reality\/\">Cybersecurity without borders: Policy, tech and reality<\/a><\/p>\n<p><a href=\"https:\/\/securityjournalamericas.com\/cybersecurity-policy-tech-reality\/\">https:\/\/securityjournalamericas.com\/cybersecurity-policy-tech-reality\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-14 03:00:00<\/a><\/p>\n<p>Source Domain: <a href=\"securityjournalamericas.com\">securityjournalamericas.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points.<br \/>\nSJA hears from Judith Borts, Senior Director of Rogers Cybersecure Catalyst, Toronto Metropolitan University\u2018s nation center for training, innovation and collaboration in cybersecurity. <\/p>\n<p>Ask anyone working in cybersecurity right now, and you\u2019ll hear the same thing: it\u2019s not just the volume of threats; it\u2019s the speed. <\/p>\n<p>Everything is moving faster than most organizations can realistically keep up with.<\/p>\n<p>Across North America and around the globe, critical infrastructure is under constant pressure. <\/p>\n<p>Energy systems, water systems, healthcare networks, and financial institutions are not abstract targets; they\u2019re being probed, tested and in some cases, actively disrupted.<\/p>\n<p>The volume and sophistication of attacks have reached a point where many cybersecurity teams feel like they\u2019re \u201cdrinking from a firehose.\u201d <\/p>\n<p>As in, there\u2019s just too much coming at them, too quickly, to process, prioritize and respond in real time.<\/p>\n<p>And that\u2019s really the starting point: we\u2019re not preparing for a potential cyber crisis.<\/p>\n<p>We\u2019re already operating in one.<\/p>\n<p>The speed problem no one can ignore<\/p>\n<p>One of the biggest shifts right now is how fast everything is moving.<\/p>\n<p>Threat actors are leveraging AI to scale attacks in ways we haven\u2019t seen before. <\/p>\n<p>They\u2019re automating reconnaissance, refining phishing campaigns and identifying vulnerabilities faster than most organizations can respond.<\/p>\n<p>At the same time, defenders are trying to adopt more AI tools to keep up.<\/p>\n<p>But not all critical infrastructure sectors move at the same pace. <\/p>\n<p>Large, well-resourced organizations can keep up, but many others can\u2019t move quickly. These are complex, highly regulated environments often built on legacy and frequently analogue systems.<\/p>\n<p>That gap, between how fast attackers move and how slowly defenders can adapt, is where a lot of risk lives.<\/p>\n<p>Operational technology (OT) is a perfect example. <\/p>\n<p>These systems run our power grids, manufacturing lines and transportation networks, yet visibility into them is still underinvested and underdeveloped. <\/p>\n<p>This shows us what happens when that vulnerability is exploited.<\/p>\n<p>Stryker <\/p>\n<p>Take the recent attack on a US-based medtech company, Stryker. <\/p>\n<p>A data-wiping incident linked to an Iran-affiliated group didn\u2019t just hit one organization; it erased data across more than 200,000 systems in 79 countries. That\u2019s the scale we\u2019re talking about now.<\/p>\n<p>Or the disruption of industrial control systems, like the targeting of Rockwell Automation programmable logic controllers (PLCs), which are foundational to how industrial environments operate. <\/p>\n<p>These aren\u2019t isolated events; they\u2019re signals of how vulnerable globally connected systems really are.<\/p>\n<p>Even more concerning is the idea that some threat actors aren\u2019t trying to cause immediate damage.<\/p>\n<p>They\u2019re already inside critical infrastructure environments. <\/p>\n<p>They are \u201cliving off the land,\u201d embedding themselves quietly, and waiting for the right moment to act.<\/p>\n<p>This isn\u2019t hypothetical. We are already under attack.<\/p>\n<p>What Mythos changes<\/p>\n<p>With the arrival of Mythos, an advanced, general-purpose LLM developed by Anthropic, we\u2019re seeing a new kind of way that AI can potentially help organizations identify security weaknesses in their systems and suggest ways to fix them.<\/p>\n<p>Technology like this, also capable of autonomously identifying and exploiting vulnerabilities, highlights the fine line between tool and threat.<\/p>\n<p>Mythos compresses the time between discovery and exploitation, demonstrating how vulnerabilities can be chained and weaponized with minimal input.<\/p>\n<p>What previously required sustained human effort can now happen faster and on a much larger scale.<\/p>\n<p>This introduces a new reality: the process of discovery, access and misuse no longer needs to be sequential or manual.<\/p>\n<p>It can be continuous, automated and increasingly difficult to detect.<\/p>\n<p>For years, we\u2019ve debated the risks of artificial intelligence in abstract terms, including bias, misinformation and labour disruption.<\/p>\n<p>Mythos forces a more immediate reckoning.<\/p>\n<p>When AI can autonomously discover and weaponize vulnerabilities in foundational software, cybersecurity is no longer a technical issue confined to specialists.<\/p>\n<p>It becomes a matter of national security, economic stability and public safety.<\/p>\n<p>The response so far has been uneven.<\/p>\n<p>Rather than broad coordination, access to advanced defensive insight has been concentrated within a closed network of large technology firms.<\/p>\n<p>That may help secure parts of the ecosystem, but it leaves large segments, particularly non-technology sectors and smaller organizations, exposed.<\/p>\n<p>In that sense, Mythos doesn\u2019t just represent a technological shift \u2013 it exposes a structural one: who has access to defence and who does not.<\/p>\n<p>More attention, but not enough urgency<\/p>\n<p>If there\u2019s a positive trend, it\u2019s that cybersecurity is finally getting more attention. T<\/p>\n<p>here are more conversations happening now than ever before.<\/p>\n<p>But here\u2019s the issue: the urgency isn\u2019t matching the reality.<\/p>\n<p>We are still treating cybersecurity as something isolated that not everyone has to be engaged in, but it has to be a whole-of-organization discussion. <\/p>\n<p>Whether it\u2019s risks to healthcare systems, energy grids or even emerging technologies, the boundary between physical and digital threats is vanishing.<\/p>\n<p>When everyone across an organization is involved, digital infrastructure becomes part of the bigger picture.<\/p>\n<p>One that takes into consideration the cyber, physical and human capabilities needed to protect and defend critical infrastructure.<\/p>\n<p>Another area of concern is innovation.<\/p>\n<p>We\u2019re investing heavily in innovation (particularly start-ups), but not always asking the right question: <\/p>\n<p>Are we actually protecting the systems and intellectual property we\u2019re funding?<\/p>\n<p>How are we ensuring that startups are embedding security right into design so that we\u2019re not further entrenching cyber weaknesses through our technology value chains?<\/p>\n<p>Policy is reshaping the landscape<\/p>\n<p>Where things are really shifting is on the policy side.<\/p>\n<p>Governments in both Canada and the US are increasing expectations around cybersecurity.<\/p>\n<p>We\u2019re seeing more legislation, more enforcement and more accountability, particularly for critical infrastructure and the defence industrial base.<\/p>\n<p>In Europe, legislation like the General Data Protection Regulation (GDPR), NIS2 and the AI Act are already driving change with real consequences for organizations that fall short.<\/p>\n<p>In Canada, provinces like Ontario, Quebec, Alberta and British Columbia are actively introducing or strengthening cybersecurity and data legislation.<\/p>\n<p>There\u2019s also a huge amount of funding flowing into defence and cybersecurity right now.<\/p>\n<p>The intention is clear: raise the bar at the top and it will push improvements across supply chains and the broader economy.<\/p>\n<p>But we\u2019re not seeing enough being done to support the massive segments of our economy that can\u2019t afford cyber teams, tech upgrades and investments. <\/p>\n<p>We\u2019re not seeing enough being done to make sure all arms of government and the private sector are working together; cybersecurity doesn\u2019t work in silos, even if policy leans that way.<\/p>\n<p>You can\u2019t secure infrastructure without working together<\/p>\n<p>The reality is that our infrastructure is deeply interconnected and crosses international boundaries.<\/p>\n<p>Financial systems, telecommunications, transportation systems and energy grids don\u2019t stop at borders. <\/p>\n<p>Trying to secure them in isolation doesn\u2019t work.<\/p>\n<p>There are already strong examples of collaboration. <\/p>\n<p>Canada\u2019s role in the Five Eyes intelligence community, participation in Information Sharing and Analysis Centers (ISACs) and joint exercises like GridEx all show what\u2019s possible when countries work together.<\/p>\n<p>But we are still falling short when it comes to alignment.<\/p>\n<p>Different countries have different standards, different certifications and different reporting requirements. <\/p>\n<p>For multinational organizations, that creates real friction.<\/p>\n<p>At the same time, decisions about how to respond to emerging capabilities are increasingly being made by a small number of private actors, without meaningful public oversight or international coordination.<\/p>\n<p>This is where governments can have a real impact: by aligning regulations, harmonizing intelligence and incident reporting and making cross-border collaboration easier, not harder.<\/p>\n<p>Because this isn\u2019t the moment to build walls; it\u2019s the moment to strengthen partnerships.<\/p>\n<p>Prediction VS preparation<\/p>\n<p>One of the biggest misconceptions is that organizations need to anticipate every possible geopolitical or economic shift.<\/p>\n<p>They don\u2019t.<\/p>\n<p>The reality is much simpler: you can\u2019t reliably predict everything. <\/p>\n<p>The threat landscape is too dynamic, and the barriers to entry for attackers are too low.\u00a0<\/p>\n<p>The emergence of capabilities like Mythos changes the cybersecurity calculus as well, and the pace of frontier AI isn\u2019t going to slow down.<\/p>\n<p>Instead of trying to anticipate every technological and geopolitical shift, anticipating the technological, organizations can focus on their own resilience, preparedness and defence. <\/p>\n<p>That starts with understanding what\u2019s actually at risk, your data, your systems, your operations and putting in place the baseline controls to protect them.<\/p>\n<p>Identity and access management, vulnerability management, network visibility, incident response and third-party risk aren\u2019t advanced strategies anymore.<\/p>\n<p>They\u2019re the minimum. <\/p>\n<p>As well, the speed and breadth of capabilities emerging in AI based tools such as Mythos necessitate greater emphasis on resilience.<\/p>\n<p>Whether you\u2019re a start-up, a small business or a major infrastructure provider, you are a target.<\/p>\n<p>And while political and economic shifts can make things more complex, they don\u2019t change that fundamental reality.<\/p>\n<p>What is changing is the expectation around responsibility. <\/p>\n<p>Governments are starting to define more clearly who is accountable for protecting data, systems and supply chains.<\/p>\n<p>Legislation like Canada\u2019s Bill C-8 points to a future where designated operators (and likely their suppliers) will be held to specific cybersecurity standards.<\/p>\n<p>The real gap that needs to be closed<\/p>\n<p>If there\u2019s one thing holding us back, it\u2019s not a lack of technology or even awareness.<\/p>\n<p>It\u2019s alignment and prioritization.<\/p>\n<p>Alignment between countries. Between public and private sectors. Between policy and execution. And prioritization of resources to build resilience.<\/p>\n<p>We still have fragmented frameworks, inconsistent standards and barriers to information sharing, both domestically and internationally.<\/p>\n<p>In a threat environment that moves this quickly, fragmentation is a liability.<\/p>\n<p>We are also seeing the emergence of a two-tier system of cybersecurity: one for organizations with access to advanced capabilities and coordinated defence, and one for everyone else.<\/p>\n<p>At the same time, the cybersecurity talent gap continues to grow. <\/p>\n<p>The skills we need are evolving, especially with AI in the mix; organizations are struggling to keep up.<\/p>\n<p>What direction is this heading in? <\/p>\n<p>It\u2019s been said for years, but it\u2019s time to put it into practice \u2013 cybersecurity is no longer just a technical issue; it is a strategic business matter.<\/p>\n<p>It\u2019s tied to economic growth, innovation, national security and public trust. <\/p>\n<p>As more of our world becomes digital, the systems we rely on become more exposed.<\/p>\n<p>Both the challenge and the opportunity are to stop thinking about cybersecurity as something separate. It\u2019s not separate from infrastructure, policy or global collaboration.<\/p>\n<p>We\u2019re operating in a borderless threat environment, where the difference now is that the stakes \u2013 and the capabilities \u2013 have changed.<\/p>\n<p>And the priority is clear, we need to catch up to the risks already here while preparing for what\u2019s next.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cybersecurity without borders: Policy, tech and reality https:\/\/securityjournalamericas.com\/cybersecurity-policy-tech-reality\/ Publish Date: 2026-05-14 03:00:00 Source Domain: securityjournalamericas.com&#8230;<\/p>\n","protected":false},"author":1,"featured_media":213625,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityjournalamericas.com\/wp-content\/uploads\/2026\/04\/Cybersecurity-without-borders_-Policy-tech-and-reality.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,20,24,17,25,27],"class_list":["post-213624","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-artificial-intelligence","tag-cybersecurity","tag-llm","tag-phishing","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/213624"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=213624"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/213624\/revisions"}],"predecessor-version":[{"id":213626,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/213624\/revisions\/213626"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/213625"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=213624"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=213624"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=213624"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}