Two-thirds of Canadian companies say they are losing the war on cyber security

The number, sophistication, and severity of cyber-attacks on companies in Canada are each on the rise, according to the findings of a new study from Scalar Decisions Inc. of more than 650 Canadian IT and security workers.

Released today, the 2017 Scalar Security Study (commissioned by Scalar and conducted independently by Ponemon Institute) showed that confidence has declined among Canadian organizations for the third year in a row, as fewer believe they are winning the quickly evolving war on security. The average number of reported cyber-attacks on Canadian organizations rose to 44 attacks per year, up nearly 30% since the initial survey in 2014. The vast majority of respondents also report that both the severity (81%) and sophistication (72%) of attacks are increasing.

"IT leaders are under pressure right now, feeling like there is a deficit of properly trained personnel available in the workforce. This has led to a distinct lack of in-house expertise, which is critical to a strong cyber security posture for Canadian companies," said Ryan Wilson, Chief Technology Officer, Security, Scalar Decisions. "The increase in incidents and decreasing confidence we are seeing coincides with the growing sophistication, severity, and cost of attacks."

The study, examining the cyber security readiness of Canadian organizations and year-over-year trends in handling and managing growing cyber threats, also found:
41 per cent of respondents indicated their organization had systems in place to deal with APTs (advanced persistent threats), up from 38 per cent last year.
The most frequent compromises continue to be web-borne malware attacks (76%), followed by rootkits (67%).
Threats on the rise for 2017 include spear phishing, exploits of existing software vulnerabilities greater than three months old, and botnet attacks.
Among some of the biggest threats, there have been slight decreases since 2016 in web-borne malware attacks, APTs, clickjacking, exploits of existing software vulnerabilities less than three months old, and zero-day attacks.
Respondents identified mobile devices (75%) and third-party applications (70%) as the greatest potential risks threatening their company's IT environment.
Negligent third-party risk has increased significantly since last year, along with negligent insider risk.
Only 21 per cent of respondents faced with ransomware report incidents to law enforcement, with the most common reaction currently being to simply pay the ransom.
On average, organizations represented in this study spent approximately $7.2 million on the following to remediate cyber security compromises: clean-up or remediation ($873,448), lost user productivity ($963,663), disruption to normal operations ($1.2 million), damage or theft of IT assets and infrastructure ($1.7 million), and damage to reputation and marketplace image ($2.5 million).

"The overall picture being painted by the study's results is the need for enterprise-wide adoption of cyber security strategy, and the investment in both technologies and individuals with hands-on experience," added Wilson. "Organizations need trained personnel who understand how to react when faced with threats such as ransomware, spear phishing, and increasing incidents of rootkits."

