The increased use of AI poses new risks for businesses. Here’s how to safeguard your assets

To ensure your company’s information remains secure, the key question to ask is “who can access your data?” says Jordan Thompson, senior vice president of product development at cybersecurity firm Fortinet.

Canada is one of the top targets for cybercrime globally, which means businesses must take action to protect their data. According to leading global cybersecurity firm Fortinet’s 2025 Global Threat Landscape Report, there were more than 17 billion cyber-attack attempts made against Canadians in 2025 — that’s a 24 percent jump from the year before.

In recent years, Canada has seen a spike in attacks from state-sponsored adversaries. According to the Canadian Centre for Cyber Security, the country has entered “a new era of cyber vulnerability where cyber threats are ever-present and Canadians will increasingly feel the impact of cyber incidents that have cascading and disruptive effects on their daily lives.”

To stay two steps ahead of bad actors, business leaders need flexible solutions that offer both networking and security functions. “It’s critical that organizations secure their data and secure their users, while also taking data privacy very seriously,” says Jordan Thompson, Fortinet’s senior vice president of product development.

But in a politically unstable world where systems are increasingly powered by AI and employees often collaborate remotely across distances, keeping sensitive digital assets secure has become even more challenging. Given the ever-evolving threat landscape, Canadian businesses can’t afford to ignore this new reality.

Here, Thompson breaks down the risks and provides proven solutions for keeping businesses protected — without slowing down operations.

How is the changing nature of work affecting cybersecurity?

The way Canadians work has changed dramatically in recent years, requiring a different approach to data security that extends beyond the workplace.

Since the pandemic and the switch to remote work, staff expect — and often need — to access company data from anywhere, on any device, whether they’re working from the office, at home, or at a café or airport on the other side of the world. According to a recent survey of 400 human resources managers conducted by talent solutions firm Robert Half Canada, 53 percent of Canadian employers offer hybrid work options to leadership staff and a third offer flexible work options to their entire staff. In other words, the modern workplace is borderless.

AI is also changing the equation. As more Canadians turn to consumer-grade AI solutions, they introduce new risks related to organizational data security and privacy. That’s because the data they input when creating AI prompts can be used to train future AI models, meaning any sensitive information that’s provided could become accessible to all users of that platform in the future.

“AI is replacing things that we used to use day-in, day-out, like search engines,” Thompson says. “As a result, there’s this massive risk of organizational data getting sent out into the cloud to third-party vendors, where the organization has no visibility.”

 
Given current geopolitical instability, how important is data sovereignty?   

Over the past year, data sovereignty has become a key area of focus, driven in large part by the rapid rise of AI. However, this is not a new concern. With the widespread adoption of SaaS services and the shift toward remote access architectures such as Secure Access Service Edge (SASE), data has become increasingly decentralized, setting the stage for today’s heightened urgency around sovereignty.

The key question to ask, according to Thompson, is “who can access your data?” That’s because digital assets stored outside of Canada could be subject to foreign regulation and sudden changes in geopolitical alliances. “A nation’s government could say to a provider or data hosting service in that country that they have to hand over some data for a customer that’s deployed there, and that customer may have no visibility into what that local government is requesting,” he says.

Fortinet, which consistently ranks among the top cybersecurity providers in the world, established its first R&D and threat intelligence centre in Burnaby, and continues to conduct much of its engineering work in Canada. The company also manages its own data. “We have three of our own data centres in Canada — plus a number of partnerships with co-location providers and public clouds — to ensure that there are local inspection points within the country, so organizations that need data sovereignty can get it from anywhere,” Thompson says.

Hosting company data on Canadian soil, Thompson explains, keeps digital assets under Canadian jurisdiction. “If all their data is subject to Canadian privacy laws, restrictions and requirements, there’s then no risk of some other government coming in and saying, ‘I need access to that data.’”

 
How can companies best protect themselves?

The best solution for organizations looking to maintain the highest security standards and provide remote access while storing data in Canada — without slowing down business operations — is SASE, says Thompson. Fortinet’s cloud-based cybersecurity framework brings together a range of network and security functions and makes them accessible remotely, allowing staff to seamlessly and securely access work applications and data from anywhere in the world.

“To an end user it will feel like they’re on the corporate network, whether you’re in the office or working from home; it’s a seamless experience,” Thompson explains. “To the organization, it’s providing a single place to enforce that data security policy, data sovereignty, as well as user security and web access in general, across the user’s device, wherever they are.”

 
How does SASE work, exactly?

SASE leverages cloud infrastructure to filter data through the organization’s internal data systems, applying the same security requirements, restrictions and policies — regardless of the user’s location.

“An organization that has specific requirements around what users can do is able to apply that policy centrally, which ensures that the organization’s security requirements are met, wherever the users are located,” Thompson says.

 
Is it possible to provide the same security remotely without compromising speed or data sovereignty?

Filtering digital connections back through the organization’s security infrastructure has the potential to create significant lags and delays, especially for those operating far away from corporate headquarters. However, storing data in far-flung locations closer to remote or travelling end-users could present data sovereignty challenges.

“To get that security as close to the user as possible, we have to offer a number of points of presence around the globe that can provide that service in various countries and states,” Thompson explains.

Canadian businesses are increasingly looking to implement a multi-site approach, and not just because they feel uneasy about having their data stored outside of the country, Thompson notes. As a result of recent changes to data access and privacy policies in other jurisdictions, many companies  — especially those in sensitive sectors like healthcare, public sector and finance — require it among their vendors and partners.

 
What benefits does a holistic solution provide?

Housing the entire security infrastructure under one SASE platform allows for more seamless operations than a patchwork approach that cobbles together point-solutions. Thompson emphasizes that providers with an established track record for providing their own best in class solutions are optimally positioned to deliver those services in a cohesive and seamless SASE package.

Fortinet’s Unified FortiSASE solution, for example, combines the company’s market leading network security architecture, secure SD-WAN — which transforms and protects networks — with its core security appliance, FortiOS, a natively AI-powered and quantum-safe operating system.

“You have the same operating system, the same core technology, the same market leading recognition across the platform, and you’re able to provide that same security, same connectivity and the same performance, regardless of where the user or data is located,” says Thompson. For larger organizations or those with even greater data security and sovereignty needs, Fortinet’s FortiSASE Sovereign offers the same capabilities while allowing enterprises to house their data within their own infrastructure.

“They can put in security appliances to do the inspection, and effectively they build their own sovereign SASE network using Fortinet technology,” Thompson says. “They can put that in their own network and provide that same security on their own premises, and that takes the whole cloud equation out of it and allows them to fully secure their data end-to-end.”

Canadian organizations need a trusted cybersecurity partner that can provide a full suite of SASE services while keeping their data within their own borders. “Organizations need to do risk assessments to understand where the data is, where and why it’s posted, and what that means for them,” Thompson says.

This article was created in partnership with Fortinet.

Photo illustration by Stephen Gregory; Photos: Unsplash