Products About Blog

Getting Cyber Safe with Sherry Rumbolt

This article was previously published on CDS’s LinkedIn page in October 2023. Check out the original post.

“It’s important for everyone to ‘Get Cyber Safe’ because 90% of successful cyber attacks start with phishing. Many people may not know this, but phishing/vishing attacks by phone are 3 times more effective than by email…”

– Sherry Rumbolt, Senior Cyber Security Strategic Advisor at Shared Services Canada (SSC).

October is Cyber Security Awareness Month and the Government of Canada’s “Get Cyber Safe” public awareness campaign is educating people in Canada on how to be cyber safe. Many public servants are passionate about this topic and have created educational content, like CDS’s security snack time, created by Cheyenne Arrowsmith (Senior Site Reliability Engineer).

Another public servant who advocates for cyber safety is Sherry Rumbolt at SSC. We interviewed Sherry to hear her thoughts and advice.

Can you tell us about yourself and the work you do?

My name’s Sherry Rumbolt and I hail from a very small town named Mary’s Harbour, in Newfoundland and Labrador. 

I served in the Army with the Canadian Armed Forces (CAF)/Department of National Defence (DND) for more than 21 years, specializing in Information Technology (IT) and Information Management (IM). While serving on a deployment overseas in Egypt, I had an opportunity to lead teams in IT and cyber security. In 2011, I retired from the CAF/DND but continued to grow my career in the public service. I’ve worked in various roles focused on cyber security within the Government of British Columbia, DND, and now at SSC. 

I’m currently working with an amazing newly formed team within SSC, named Enterprise IT Security Operations. My role as a Senior Cyber Security Advisor is to assist the teams in building, growing, and maturing cyber operational program initiatives for not only information security operations but for operational service and support initiatives within SSC too. 

I’m very passionate about championing equal opportunities for employment equity groups and Veterans within cyber security. To help those demographics achieve professional success within Canada, I voluntarily serve on a variety of boards and advisory committees. I was named one of the Top 20 Women in Cybersecurity for Canada in 2020, one of the Top 25 Women in Defence in 2021, and recently received a SiberX Canadian Women in Cybersecurity Lifetime Achievement Award.

What made you interested in cyber security and how has the area changed during your career?

At one point in my military career, I was posted to a really cool location, named the Canadian Forces Network Operations Center. It was on the Computer Incident Response Team there that I knew cyber security was my calling. I worked with a team of exceptionally talented professionals and became fascinated with the security tools and complex analytical processes used to monitor, detect, prevent, and investigate potential cyber events and incidents. When I started in cyber security, this area wasn’t as widely known or popular as it is today and I’m so happy to see the profession grow and mature as much as it has. 

In the past 10 or more years, the number of interconnected and internet-facing devices have increased dramatically. Computer networks have scaled to accommodate the needs of people and their business objectives, which ultimately results in larger attack surfaces that require security protection. To help with this, IT and cyber security tools and technologies have increased exponentially in size and complexity over the years. But this requires highly skilled cyber security professionals to maintain these systems – so cyber security employees are in high demand and sought after worldwide (there is no shortage of work). 

What are some emerging trends you’ve noticed in public sector cyber security?

While I cannot speak to specific cyber security trends in the public sector, I can discuss what I consider are emerging trends based on what has been published in public reports and the media. 

There appears to be a surge in sophisticated, automated, AI-powered, and advanced persistent threats globally (and potentially undetected for longer periods of time). Deepfakes and misinformation/disinformation campaigns are becoming more prominent. Also, ransomware attacks seem to be increasing, which could lead to large-scale privacy breaches, resulting in costly business interruption.  Cyber threats are concerning, especially as there unfortunately continues to be personnel shortages in cyber security globally.

Why do you think it’s so important for everyone to ‘Get Cyber Safe’?

It’s important for everyone to “Get Cyber Safe” because 90% of successful cyber attacks start with phishing. Many people may not know this, but phishing/vishing attacks by phone are 3 times more effective than by email and continue to be a top social engineering technique used to obtain user credentials or password resets to gain access to a system .

While security tools and technologies are vital to protecting and securing networks, they play only one key role in keeping critical systems safe. To be effective, we need consistent education, training, and awareness campaigns for everyone. Unintended human error unfortunately continues to be one of the biggest weaknesses that threat actors aim to exploit.

Can you share a few quick tips for improving cyber safety?

  1. Two is always better than one. Use two-factor or multi-factor authentication at every opportunity to protect your personal accounts and system access.
  1. Remain vigilant. If something looks “phishy” it most likely is. Don’t open or download attachments from unknown or suspicious senders. Also, always hover over a link before clicking on it to ensure you’re being directed to the intended website.
  1. Reuse is bad use. Password reuse continues to be problematic – using the same password on multiple systems, platforms and applications is a vulnerability and something that hackers will always leverage to gain access to multiple points of entry. Keep yourself protected online using strong, unique passwords for every account you have. A password manager tool is great in assisting with generating and saving unique passwords for all of your accounts.
  1. Scan for data leaks. There’s a tool named “Have I Been Pwned” that maintains a database of username and password combinations from public leaks. These are taken from publicly available breaches that can be found via various sites on the web or dark web. 

Learn more!

Want to learn more about cyber security and how you can be more safe? Explore Get Cyber Safe’s learning resources.