You might not know it, but some of the leading work in the cybersecurity space is being done in Burnaby, B.C.
That’s because the Lower Mainland city is home to the Canadian headquarters of Fortinet, one of the world’s largest cybersecurity companies. While Fortinet has offices and operations in more than 150 countries and territories, its global “FortiGuard Labs” R&D campus is actually based in Burnaby. It’s perhaps a surprising fact considering the company’s massive customer base of nearly 900,000 that includes such clientele as Interpol, the World Economic Forum, NATO and MIT. In total, over 2,600 employees out of Fortinet’s 14,000-plus global workforce are spread across Canada.
But Fortinet’s Canadian ties extend to co-founder, president and chief technology officer Michael Xie’s formative years. In the 90s, the Chinese native moved to North America and studied engineering at the University of Manitoba. While Fortinet would later be founded in Sunnyvale, California in 2000, Xie was actually living in Burnaby when he prototyped what would become the company’s first product.
“It really allowed us to start the organization here. So although headquartered in Sunnyvale, I say [we’re] ‘heartquartered’ here. It just grew here and grew here because we had a talent pool,” says Gordon Phillips, regional vice president of sales for Western Canada at Fortinet. “It’s such an important part, because every product is touching here. The biggest threat research lab is here. Every piece of our business touches Burnaby.”
During a media tour of part of the Burnaby campus, Fortinet offered a glimpse at some of the work that goes on there. Large screens containing an almost overwhelming amount of data are hung prominently throughout. Rows and rows of desks and computers are aligned, with employees typing away diligently. In an adjoining windowed room, analysts, with the help of artificial intelligence and machine learning tools, are actively responding to threats that come in, represented on-screen by red dots that flow in a pool of safe green ones that pour like a miniature Niagara Falls.
As we move through the facility, we come to a giant room containing all of the servers. It looks as high-tech as you’d expect, and there’s something oddly relaxing about imagining the intense Tron-like cyber warfare these machines are engaging in as they quietly hum in a nondescript room. At the same time, it’s nice to know that they’re quite sustainable, too. Using a dry cooler system, the lab is able to take Canada’s naturally cooler air in nine months of the year to keep the machines from overheating at 98 per cent efficiency.
All of this is no doubt important considering that Fortinet’s network of human and machine workers are labouring 24/7 to process more than one trillion security events daily. It’s a staggering number to even try to comprehend. And naturally, threat levels are only increasing over time with the advancement of technology. During our tour, Fortinet explained that the financial impact of cybercrime is estimated to be around US$10 billion (about C$13.8 billion) this year. As Phillips explains, that’s a significant increase in just a couple of years.
“Growth has been phenomenal, and it’s getting bigger and bigger,” says Phillips. “I do think AI will play into that and make it even more significant over the next little while.”
At the same time, Phillips cites recent comments about operational technology (OT) from Fortinet CEO Ken Xie about there being “ten times more” devices than people, which will only exacerbate these threats. They’re not necessarily as mature as IT cybersecurity, so there’s definitely a lot of work to do there,” he says.
Of course, it wasn’t always that way.
“When we first started doing security, really, it was perimeter security and protecting your endpoint device with some antivirus. Now, we have 60-plus solutions that customers can get from us, solutions and services, and it can be every piece of it. It comes from mail, it comes from the endpoints. It comes from the cloud. It comes from the applications. It comes from mobile devices. There’s so many pieces now,” he says. “Security started off, ‘if we protect the perimeter and run some security on the desktop, we’re pretty secure.’ Now, we’re so open, and we’re such a high communicating society that there’s just so many places that they can hit us from. So that’s really been the biggest change — staying ahead of it.”
He specifically singles out mobile devices as something that people need to keep an eye on.
“I think every one of us now is dealing with those crazy SMSes coming in where they’re just looking for a reply, or they’re seeing you have a package being delivered, or couldn’t be delivered, and, ‘click on this link.’ We can’t click on those links. But it does feel like Amazon or UPS or whoever it is. So it’s a real challenge because people are making decisions every day, ‘Is that a safe link or not? Is that my bank or not? Is that a real alert or not?'” he says.
“And everybody has at least one [device]. In most cases, people are carrying a phone, they’re carrying a tablet, they’re carrying multiple devices. Whereas before, your computer at your office was somewhat easy to secure. Now, the products or the devices we have to secure are at home, they’re in our pockets, they’re in our cars — they’re everywhere.”
In its latest Threat Landscape Report, Fortinet also provided insight into the evolving habits of bad actors around the world. Most notably, Canada placed third (5 per cent) overall in terms of the highest number of cyberattacks last year, behind only the U.S. (61 per cent) and U.K. (6 per cent).
“A lot of times, cybercriminals are trying to instil discomfort and terror, and in a wonderful free country like Canada, it has a bigger impact if they target this environment,” says Phillips. “The amount of critical infrastructure we do here because of power generation, because of the energy sector and those kind of organizations — and the fact that we have very strong health care in Canada.” He added that Canada’s close relationship with the U.S. is also a contributing factor.
In terms of what’s actually being targeted, Fortinet notes that industries like manufacturing, healthcare, and financial services have been facing a “surge” in tailored cyberattacks. With respect to that last market, Phillips notes that “we have very large banks in Canada compared to many of the other geographies out there in the world,” which makes them of particular interest to hackers. “We have very strong cyber security resilience in our banks, which is great. We have a very secure infrastructure there, but they’re targeted because the impact is significant.”
Naturally, humans can’t respond to every one of these threats, especially when there are more than one trillion per day. Phillips says that’s where AI can come in. “We’re triaging trillions of threats a day, looking for those patterns. Creating that layer of defence where we can logically go in and see what’s going on is critical,” he says. “The other piece of it that’s super cool, though, is the agentic AI, where you can take a less skilled analyst and have your playbooks guide them through.”
He proposes an example of a plant operator who’s “not an IT guy” but gets an alert on a Friday evening that somebody is trying to get into the system and suspects it’s fraudulent because of the timing.
“He can literally just say, ‘What is happening?’ and it’ll give a reply saying, ‘This is the behaviour we’re seeing.’ What are you recommending we do?’ ‘Well, I recommend you call the IT security team, or I recommend you unplug this device,’ or whatever it gets told. But it’s based on the playbooks and the best practices that our FortiGuard Labs team has put in,” says Phillips. “So I think that’s going to be the biggest effect of AI — we’ll be able to repel the attacks more effectively. Because we almost have a reserve army now. We almost have a whole group of people that can be more skilled cyberprofessionals by leveraging AI to upskill them at the time of an attack.”
But ultimately, Phillips says it’s important that we, the average people, stay vigilant because we’re the “first line of defence” against cybercrime. “We’re the ones that are going to see way more of those attempts, because it’s a numbers game to that threat actor. If I send out a million text messages, I only need a couple to click on it, because that turns into money for me,” he says. (During our tour, Fortinet explained that for every $4,000 bad actors spend on cybercrime, $1 million is returned to them — a 2,500 per cent return on investment.)
Data from Fortinet’s 2025 Threat Landscape Report.
Therefore, he calls for people to be more “generally cyber aware,” especially when it comes to younger users. “They may be easier to trick because they don’t have the experience we have as adults. And then they also take advantage people who are less cyber aware or tech aware; they really take advantage of senior citizens […] Hopefully, making it easier and better for them to be more aware, and cybersecurity awareness is really the biggest piece of that.”
Naturally, then, that begs the question: what advice would he give to help improve that awareness?
“My father and I talk about this a lot, because I’ll get the call saying, ‘Hey, I got this message. Should I click on it?’ Don’t click!” he says. “Really look at it and say, ‘Am I expecting something from my bank?’ Or don’t click and go on your banking app and see if that message is waiting there for you. Because typically, those are just people trying to steal your credentials. So don’t click. Be very confident with what you’re doing. Don’t go to an untrusted site. Just some of those tools are super important.”
He suggests double-checking to make sure supposed concerns are indeed valid, be that by opening the corresponding app or, in the case of banking information, logging on via your computer instead. “It’s typically just bad information.”
Image credit: Fortinet
MobileSyrup may earn a commission from purchases made via our links, which helps fund the journalism we provide free on our website. These links do not influence our editorial content. Support us here.
