The number, sophistication and severity of cyberattacks on companies in Canada are each on the rise, with the average number of reported cyberattacks rising to 44 attacks per year, according to the findings of a new study.
Scalar Decisions Inc. released the 2017 Scalar Security Study, commissioned by Scalar and independently by Ponemon Institute, on Thursday. The study surveyed more than 650 Canadian IT and security workers.
The study showed that confidence continues to decline among Canadian organizations for the third year in a row as fewer believe they are winning the quickly-evolving war on security. According to the report, the average number of reported cyberattacks on Canadian organizations rose to an average of 44 attacks per year, up nearly 30% since the initial survey in 2014. The vast majority of respondents also report that both the severity (81%) and sophistication (72%) of attacks are increasing.
“IT leaders are under pressure right now, feeling like there is a deficit of properly trained personnel available in the workforce,” suggested Ryan Wilson, chief technology officer, security, with Scalar Decisions, in a press release. “This has led to a distinct lack of in-house expertise, which is critical to a strong cybersecurity posture for Canadian companies. The increase in incidents and decreasing confidence we are seeing coincides with the growing sophistication, severity and cost of attacks.”
After examining the cybersecurity readiness of Canadian organizations and year-over-year trends in handling and managing growing cyber threats, the study also found:
41% of respondents indicated their organization had systems in place to deal with advanced persistent threats (APT), up from 38% last year;
The most frequent compromise continue to be web-borne malware attacks (76%), followed by rootkits (67%);
Threats on the rise for 2017 including spear phishing, exploits of existing software vulnerability greater than three months old and botnet attacks;
Among some of the biggest threats, there have been slight decreases in web-borne malware attacks, APTs, clickjacking, exploits of existing software vulnerability less than three months old and zero day attacks since 2016;
Mobile devices (75%) and third party applications (70%) were identified as the greatest potential risks threatening their company’s IT environment;
Negligent third party risk has increased significantly since last year along with negligent insider risk;
Only 21% of respondents faced with ransomware report incidents to law enforcements, with the most common reaction currently being to “simply pay the ransom”; and
On average, organizations represented in this study spent approximately $7.2 million on the following to remediate cybersecurity compromises: clean up or remediation ($873,448), lost user productivity ($963,663), disruption to normal operations ($1.2 million), damage or theft of IT assets and infrastructure ($1.7 million) and damage to reputation and marketplace image ($2.5 million).
“The overall picture being painted by the study’s results is the need for enterprise-wide adoption of cybersecurity strategy, and the investment in both technologies and individuals with hands-on experience,” added Wilson. “Organizations need trained personnel who understand how to react when faced with threats such as ransomware, spear fishing, and increasing incidents of rootkits.”
All responses for the 2017 Scalar Security Study were captured in October 2016 via a web-based survey conducted by Ponemon Institute. The final sample was 658 respondents from a sampling frame of IT and IT security practitioners located in Canada. Respondents came from a wide variety of industries, with almost 54% working at companies with an employee count between 251 and 5,000. The majority of respondents reported their position as at or above the supervisory level, the release said.
Scalar is an IT solutions provider, focused on security, infrastructure and cloud. Founded in 2004, Scalar is headquartered in Toronto, with offices in Montreal, Ottawa, London, Winnipeg, Calgary, Edmonton, and Vancouver.
Based in Traverse City, Mich., Ponemon Institute is dedicated to independent research and education that advances responsible information and privacy management practices within business and government.