{"id":16283,"date":"2026-05-14T07:16:43","date_gmt":"2026-05-14T07:16:43","guid":{"rendered":"https:\/\/globalnewstoday.uk\/index.php\/2026\/05\/14\/cybersecurity-without-borders-policy-tech-and-reality-securityjournalamericas-com\/"},"modified":"2026-05-14T07:16:43","modified_gmt":"2026-05-14T07:16:43","slug":"cybersecurity-without-borders-policy-tech-and-reality-securityjournalamericas-com","status":"publish","type":"post","link":"https:\/\/globalnewstoday.uk\/index.php\/2026\/05\/14\/cybersecurity-without-borders-policy-tech-and-reality-securityjournalamericas-com\/","title":{"rendered":"Cybersecurity without borders: Policy, tech and reality – securityjournalamericas.com"},"content":{"rendered":"

SJA hears from Judith Borts, Senior Director of Rogers Cybersecure Catalyst<\/a>, Toronto Metropolitan University<\/a>\u2018s nation center for training, innovation and collaboration in cybersecurity. <\/strong>
Ask anyone working in cybersecurity right now, and you\u2019ll hear the same thing: it\u2019s not just the volume of threats; it\u2019s the speed.
Everything is moving faster than most organizations can realistically keep up with.
Across North America and around the globe, critical infrastructure is under constant pressure.
Energy systems, water systems, healthcare networks, and financial institutions are not abstract targets; they\u2019re being probed, tested and in some cases, actively disrupted.
The volume and sophistication of attacks have reached a point where many cybersecurity teams feel like they\u2019re \u201cdrinking from a firehose.\u201d
As in, there\u2019s just too much coming at them, too quickly, to process, prioritize and respond in real time.
And that\u2019s really the starting point: we\u2019re not preparing for a potential cyber crisis.
We\u2019re already operating in one.
One of the biggest shifts right now is how fast everything is moving.
Threat actors are leveraging AI to scale attacks in ways we haven\u2019t seen before.
They\u2019re automating reconnaissance, refining phishing campaigns and identifying vulnerabilities faster than most organizations can respond.
At the same time, defenders are trying to adopt more AI tools to keep up.
But not all critical infrastructure sectors move at the same pace.
Large, well-resourced organizations can keep up, but many others can\u2019t move quickly. These are complex, highly regulated environments often built on legacy and frequently analogue systems.
That gap, between how fast attackers move and how slowly defenders can adapt, is where a lot of risk lives.
Operational technology (OT) is a perfect example.
These systems run our power grids, manufacturing lines and transportation networks, yet visibility into them is still underinvested and underdeveloped.
This shows us what happens when that vulnerability is exploited.
Take the recent attack on a US-based medtech company, Stryker<\/a>.
A data-wiping incident linked to an Iran-affiliated group didn\u2019t just hit one organization; it erased data across more than 200,000 systems in 79 countries<\/a>. That\u2019s the scale we\u2019re talking about now.
Or the disruption of industrial control systems, like the targeting of Rockwell Automation programmable logic controllers (PLCs), which are foundational to how industrial environments operate.
These aren\u2019t isolated events; they\u2019re signals of how vulnerable globally connected systems really are.
Even more concerning is the idea that some threat actors aren\u2019t trying to cause immediate damage.
They\u2019re already inside critical infrastructure environments.
They are \u201cliving off the land,\u201d embedding themselves quietly, and waiting for the right moment to act.
This isn\u2019t hypothetical. We are already under attack.
With the arrival of Mythos, an advanced, general-purpose LLM developed by Anthropic, we\u2019re seeing a new kind of way that AI can potentially help organizations identify security weaknesses in their systems and suggest ways to fix them.
Technology like this, also capable of autonomously identifying and exploiting vulnerabilities, highlights the fine line between tool and threat.
Mythos compresses the time between discovery and exploitation, demonstrating how vulnerabilities can be chained and weaponized with minimal input.
What previously required sustained human effort can now happen faster and on a much larger scale.
This introduces a new reality: the process of discovery, access and misuse no longer needs to be sequential or manual.
It can be continuous, automated and increasingly difficult to detect.
For years, we\u2019ve debated the risks of artificial intelligence in abstract terms, including bias, misinformation and labour disruption.
Mythos forces a more immediate reckoning.
When AI can autonomously discover and weaponize vulnerabilities in foundational software, cybersecurity is no longer a technical issue confined to specialists.
It becomes a matter of national security, economic stability and public safety.
The response so far has been uneven.
Rather than broad coordination, access to advanced defensive insight has been concentrated within a closed network of large technology firms.
That may help secure parts of the ecosystem, but it leaves large segments, particularly non-technology sectors and smaller organizations, exposed.
In that sense, Mythos doesn\u2019t just represent a technological shift \u2013 it exposes a structural one: who has access to defence and who does not.
If there\u2019s a positive trend, it\u2019s that cybersecurity is finally getting more attention. T
here are more conversations happening now than ever before.
But here\u2019s the issue: the urgency isn\u2019t matching the reality.
We are still treating cybersecurity as something isolated that not everyone has to be engaged in, but it has to be a whole-of-organization discussion.
Whether it\u2019s risks to healthcare systems, energy grids or even emerging technologies, the boundary between physical and digital threats is vanishing.
When everyone across an organization is involved, digital infrastructure becomes part of the bigger picture.
One that takes into consideration the cyber, physical and human capabilities needed to protect and defend critical infrastructure.
Another area of concern is innovation.
We\u2019re investing heavily in innovation (particularly start-ups), but not always asking the right question: <\/strong>
Where things are really shifting is on the policy side.
Governments in both Canada and the US are increasing expectations around cybersecurity.
We\u2019re seeing more legislation<\/a>, more enforcement and more accountability, particularly for critical infrastructure and the defence industrial base.
In Europe, legislation like the General Data Protection Regulation<\/a> (GDPR), NIS2 and the AI Act are already driving change with real consequences for organizations that fall short.
In Canada, provinces like Ontario, Quebec, Alberta and British Columbia are actively introducing or strengthening cybersecurity and data legislation.
There\u2019s also a huge amount of funding flowing into defence and cybersecurity right now.
The intention is clear: raise the bar at the top and it will push improvements across supply chains and the broader economy.
But we\u2019re not seeing enough being done to support the massive segments of our economy that can\u2019t afford cyber teams, tech upgrades and investments.
We\u2019re not seeing enough being done to make sure all arms of government and the private sector are working together; cybersecurity doesn\u2019t work in silos, even if policy leans that way.
The reality is that our infrastructure is deeply interconnected and crosses international boundaries.
Financial systems, telecommunications, transportation systems and energy grids don\u2019t stop at borders.
Trying to secure them in isolation doesn\u2019t work.
There are already strong examples of collaboration.
Canada\u2019s role in the Five Eyes intelligence community, participation in Information Sharing and Analysis Centers (ISACs) and joint exercises like GridEx all show what\u2019s possible when countries work together.
But we are still falling short when it comes to alignment.
Different countries have different standards, different certifications and different reporting requirements.
For multinational organizations, that creates real friction.
At the same time, decisions about how to respond to emerging capabilities are increasingly being made by a small number of private actors, without meaningful public oversight or international coordination.
This is where governments can have a real impact: by aligning regulations, harmonizing intelligence and incident reporting and making cross-border collaboration easier, not harder.
Because this isn\u2019t the moment to build walls; it\u2019s the moment to strengthen partnerships.
One of the biggest misconceptions is that organizations need to anticipate every possible geopolitical or economic shift.
They don\u2019t.
The reality is much simpler: you can\u2019t reliably predict everything.
The threat landscape is too dynamic, and the barriers to entry for attackers are too low.\u00a0
The emergence of capabilities like Mythos changes the cybersecurity calculus as well, and the pace of frontier AI isn\u2019t going to slow down.
Instead of trying to anticipate every technological and geopolitical shift, anticipating the technological, organizations can focus on their own resilience, preparedness and defence.
That starts with understanding what\u2019s actually at risk, your data, your systems, your operations and putting in place the baseline controls to protect them.
Identity and access management, vulnerability management, network visibility, incident response and third-party risk aren\u2019t advanced strategies anymore.
They\u2019re the minimum.
As well, the speed and breadth of capabilities emerging in AI based tools such as Mythos necessitate greater emphasis on resilience.
Whether you\u2019re a start-up, a small business or a major infrastructure provider, you are a target.
And while political and economic shifts can make things more complex, they don\u2019t change that fundamental reality.
What is changing is the expectation around responsibility.
Governments are starting to define more clearly who is accountable for protecting data, systems and supply chains.
Legislation like Canada\u2019s Bill C-8<\/a> points to a future where designated operators (and likely their suppliers) will be held to specific cybersecurity standards.
If there\u2019s one thing holding us back, it\u2019s not a lack of technology or even awareness.
It\u2019s alignment and prioritization.
Alignment between countries. Between public and private sectors. Between policy and execution. And prioritization of resources to build resilience.
We still have fragmented frameworks, inconsistent standards and barriers to information sharing, both domestically and internationally.
In a threat environment that moves this quickly, fragmentation is a liability.
We are also seeing the emergence of a two-tier system of cybersecurity: one for organizations with access to advanced capabilities and coordinated defence, and one for everyone else.
At the same time, the cybersecurity talent gap continues to grow.
The skills we need are evolving, especially with AI in the mix; organizations are struggling to keep up.
It\u2019s been said for years, but it\u2019s time to put it into practice \u2013 cybersecurity is no longer just a technical issue; it is a strategic business matter.
It\u2019s tied to economic growth, innovation, national security and public trust.
As more of our world becomes digital, the systems we rely on become more exposed.
Both the challenge and the opportunity are to stop thinking about cybersecurity<\/a> as something separate. It\u2019s not separate from infrastructure, policy or global collaboration.
We\u2019re operating in a borderless threat environment, where the difference now is that the stakes \u2013 and the capabilities \u2013 have changed.
And the priority is clear, we need to catch up to the risks already here while preparing for what\u2019s next.<\/p>\n

Security Journal Americas is a publication of Centurian Media Limited
Registered office: 71-75 Shelton Street London Greater London WC2H 9JQ UNITED KINGDOM
Operating office: The Maidstone Studios, New Cut Road, Vinters Park, Maidstone Kent ME14 5NZ
Centurian Media Limited (CML) is committed to creating a diverse environment and is proud to be an equal opportunity employer. Our clients, suppliers, along with all qualified applicants that we receive for employment, fixed contract or freelance projects receive consideration without regard to race, colour, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. CML is also committed to compliance with all fair employment practices regarding citizenship and immigration status.
Website hosted and maintained by Grass Media Web Design<\/a>
Company number (GB): 11730376
VAT Number: 314 7817 00
ICO registration number: CSN0536342<\/a><\/p>\n

source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

SJA hears from Judith Borts, Senior Director of Rogers Cybersecure Catalyst, Toronto Metropolitan University\u2018s nation center for training, innovation and collaboration in cybersecurity. Ask anyone working in cybersecurity right now, and you\u2019ll hear the same thing: it\u2019s not just the volume of threats; it\u2019s the speed. Everything is moving faster than most organizations can realistically […]<\/p>\n","protected":false},"author":1,"featured_media":16284,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[],"class_list":{"0":"post-16283","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-technology"},"_links":{"self":[{"href":"https:\/\/globalnewstoday.uk\/index.php\/wp-json\/wp\/v2\/posts\/16283","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/globalnewstoday.uk\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/globalnewstoday.uk\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/globalnewstoday.uk\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/globalnewstoday.uk\/index.php\/wp-json\/wp\/v2\/comments?post=16283"}],"version-history":[{"count":0,"href":"https:\/\/globalnewstoday.uk\/index.php\/wp-json\/wp\/v2\/posts\/16283\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/globalnewstoday.uk\/index.php\/wp-json\/wp\/v2\/media\/16284"}],"wp:attachment":[{"href":"https:\/\/globalnewstoday.uk\/index.php\/wp-json\/wp\/v2\/media?parent=16283"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/globalnewstoday.uk\/index.php\/wp-json\/wp\/v2\/categories?post=16283"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/globalnewstoday.uk\/index.php\/wp-json\/wp\/v2\/tags?post=16283"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}