Friday at noon: the crisis zone
It’s a Friday at noon, the day before a long weekend: prime time for a cybersecurity attack. A company’s worst imaginable day. Word spreads through the organization. Someone needs to make a call — but is there a protocol? Senior leaders and key decision-makers have already left for the long weekend. Is it the right call? Can the call wait?
Who picks up the phone? Setting roles and responsibilities
On the other end of that panicked call is a network of police who ensure you get the specialized help you need. division of law enforcement. Their job is to assess the extent and severity of the breach and determine what resources they’ll deploy.
They are highly trained, deeply networked, and precise in their work. There’s a protocol, and they know how to execute it to achieve the best possible outcome.
But timing is everything — and that responsibility falls on the organization. The goal of law enforcement is to gather as much information as possible without interfering with the company’s worst day.
Melanie Power, recently retired Manager, Cyber Operations Section, Ontario Provincial Police, and Lina Dabit, Executive Director, Office of the CISO, Optiv Canada, are cybersecurity law enforcement experts and leaders. They joined the Catalyst recently at our second annual Catalyst Summit to share their thoughts and expertise on the relationship between cybercrime and law enforcement. They have seen it all, know the processes inside out, and above all, they are approachable — and here to help.
When that call finally goes through, the cyber team on the other end isn’t just “taking a report” — they’re switching into incident mode. Their first job is to listen and gather the basics: what’s happening, which systems are affected, what has already been done, and whether the attack is still unfolding. From there, they start shaping an investigation, asking for logs, screenshots, timelines, and points of contact, while coaching the organization not to wipe or reset anything that might be evidence.
Behind the scenes, they loop in the right specialists, connect indicators from this case to other files, and decide which legal and procedural tools might be needed next. All of this happens in parallel with the company’s own response, so the goal is simple: protect the victim, preserve the digital trail, and build a path to accountability without getting in the way of an already very bad day.
Out-thinking bad luck and bad timing
A good outcome depends on a good strategy. You don’t have to be a catastrophist, but to mitigate against cybersecurity threats, you do need to be realistic. A fairweather approach to planning won’t suffice. It’s easier to plan for a Tuesday or Wednesday attack or to allocate responsibility to leadership, but the fact is that attacks often occur at moments when resources are scarce, and decision-making is compromised. That’s how you can get your edge.
Melanie presses the essential questions: Who will be in charge? Who is the decision-maker? Do they know what is expected of them?
According to Melanie, it’s not a matter of if but when. If you prepare well, you’ll be ready when it comes.
What does it mean to prepare for a cyberattack?
Melanie advocates for preparedness. “In the midst of a crisis, it’s not the time to Google to see what police jurisdiction you’re in.” She emphasizes the importance of building an incident plan in advance. That plan starts with knowing who you’re going to call. Organizations benefit enormously from reaching out to the cyber team within their local police jurisdiction to understand the steps to take if — and when — a crisis occurs. Consider writing this information down and making it accessible; if the system is locked down, you won’t have access to your computer files. Getting comfortable with your response protocol before that bad day arrives is everything.
As shared by the speakers in the morning session of the Summit, Steven Marche and Elizabeth Anderson, it is critical that stakeholders (police, academics, industry, and the public) create a space such as Innovation Hubs where we come together to address security concerns, discuss emerging AI technologies, and the thoughtful integration of those technologies to ensure collaboration and transparency.
Lina Dabit highlights the evolving role of education in cybersecurity. Within policing, opportunities for training have expanded dramatically, improving collaboration and outcomes. She recalls a case a few years ago in B.C., when someone stole another person’s cryptocurrency. The judge in his comments stated, “this is a bunch of 1s and 0s,” highlighting the challenges of proving possession.
Since then, the Crown has made education a priority. They bring in judges and train them on what’s happening in the digital economy and the digital landscape as a whole — a game-changer for the entire process.
But progress depends on the government’s understanding of where the challenges lie. “Procurement is an opportunity to wade through the noise,” Lina notes.
The force of an attack when it hits
It’s also not just big businesses that get hit. Melanie has seen countless heart-wrenching cases over the years. “There are so many businesses, mom-and-pop shops, that have lost their livelihoods. They’ve been going for decades, and they lose it all. It is so sad, so disheartening.”
She urges people to use their voice. “Make sure your voice is heard. Have the courage to say to your supervisor, ‘Should we call the police?’”
Melanie recounts a family member calling her during a fishing trip, terrified they’d lose their job if they contacted the police. She reassured them: Hesitation is natural when you haven’t practiced your response. “It’s about finding your voice and having the courage to use it,” she says. “And it’s about practicing your voice.”
Closing the first-responder gap
This is exactly why the Catalyst has developed cybersecurity training offerings for law enforcement — to equip first responders with foundational knowledge to correctly identify and manage cyber incidents, preserve digital evidence, and work seamlessly with cyber experts.
The Catalyst works to equip law enforcement agencies nationwide with practical, accessible cybersecurity training to strengthen their cyber resilience and leadership in combating cybercrime. Developed with input from all levels of law enforcement, the program offers customizable courses, tabletop exercises, and workshops tailored to agency needs — supporting personnel from recruits to senior officers through cost-effective, no-prerequisite education.
An example of one of the Catalyst’s initiatives for Cyber Training for Law Enforcement is our Frontline Police Officer’s Orientation to Cybercrime, which equips first responders to navigate cybercrime calls confidently. Next session taking place on Wednesday, February 11, 2026, this course ensures frontline officers have the foundational knowledge to correctly identify and manage cybercrime incidents, preserving digital evidence and working seamlessly with cyber experts. The training addresses a critical gap for frontline officers who understand that cybercrime intervention strengthens outcomes from first response.
“We need to let the next generation know that being a cybercriminal is not a viable employment avenue,” says Melanie. Lina underscores the consequences these crimes carry and stresses the importance of managing reputation and communication during active investigations. She poses a key question: How do you manage the public’s perception when the situation is still unfolding?
Melanie also adds that law enforcement and organizations both have roles to play in bridging this divide. Police teams coordinate with their own command and with victim companies to balance perspectives. Organizations, in turn, benefit from law enforcement guidance on communication strategies long before an incident occurs.
The cost of hesitation
Lina and Melanie are deeply committed to bridging the gap between law enforcement and the organizations targeted by cyber criminals. That divide — between partners who are actually on the same side — is precisely what allows criminal activity to thrive.
“Don’t wait to call,” says Lina. “Call day one. We’re not going to get in your way.” Calling sooner is always better. It’s as simple as reporting the incident and outlining any steps you’ve taken so far. That small act can be the difference between stopping a cyber criminal and watching the damage escalate.
“Please report, please report,” Melanie pleads. “I can’t stress that enough. If you don’t report, we’re all dead in the water. We are all in this together.”
Find your voice & use it
When that Friday-at-noon moment comes — and it well may — your response shouldn’t depend on panic or guesswork. It should reflect preparation, clear roles, practiced voices, and trusted relationships with the law enforcement teams ready to help. Cyber incidents don’t wait for convenience. Neither should your call. The sooner you report, the faster the damage stops, and the stronger we all become in the fight against cybercrime.
Frontline officers are our first defense against digital crime. Let’s equip them to respond with confidence.
Learn more about our cyber training offerings for law enforcement.
About the experts
Melanie Power, now retired, was Manager, Cyber Operations Section, Ontario Provincial Police. Previously, she served as Co-Chair of the National Police Service Cybercrime Committee.
Lina Dabit was Unit Commander, RCMP Cybercrime Investigative Team Toronto, and previously served as Field Unit Commander, Toronto – Canadian Air Carrier Protective Program (CACPP). She was also Chair of the Women’s and Employee Network at RCMP Ontario. Now retired from the RCMP, she is Executive Director at Optiv Canada.