Close X
Saturday, November 16, 2024
ADVT 
National

Study estimates 36% of Canadian businesses know they've been hit by cyber attack

David Paddon, Canadian Press, 18 Aug, 2014 10:29 AM
    More than one-third of Canada's IT professionals know — for sure — that they'd had a significant data breach over the previous 12 months that could put their clients or their organizations at risk, a cybersecurity study suggests.
     
    And as startling as that statistic may be, the actual number of breaches could be higher since the same international study found 56 per cent of the 236 Canadian respondents said they believed threats sometimes fall through the cracks.
     
    "Even the best-protected networks have regular security incidents," says Jeff Debrosse, director of security research for Websense, a U.S.-based security company that commissioned the study.
     
    "It's a 24-7 onslaught. It's a barrage of attacks and attempts to penetrate the defences."
     
    Debrosse says it's a real challenge for organizations to understand their vulnerabilities, let alone prevent breaches. Technology is improving, he adds, but it's more important to share information about attacks within and among organizations.
     
    "It's not just about the vendors, it's about creating this ecosystem of threat intelligence. And that's a very important area of focus today," Debrosse says.
     
    A Statistics Canada report in June said that six per cent of the 17,000 private Canadian enterprises it surveyed had experienced an Internet security breach in 2013. About one-quarter of those reporting a breach — representing roughly 260 companies — said client or proprietary information had been corrupted, stolen or accessed without authorization.
     
    "It's a bit misleading because we're not 100 per cent sure exactly how accurate the numbers are, really," says Mike Park, an Ottawa-based cybersecurity expert now working for Trustwave, which has its global headquarters in Chicago.
     
    "It seems, in the last couple of years, the only time you're really heard anything — a major breach or anything like that — is when it has become such big news that no one can keep a lid on it . . . or when its politically expedient."
     
    A couple of recent examples of highly publicized Canadian breaches both involved the federal government.
     
    The Canada Revenue Agency discovered in April that somebody had exploited the Heartbleed security flaw, causing the CRA to call in the RCMP and temporarily shut down its public website for a weekend at a busy time of the tax year. Days later, the agency revealed that 900 social insurance numbers had been compromised.
     
    The Canadian government said in July that a "highly sophisticated Chinese state-sponsored actor" had hacked computer systems at the National Research Council, forcing it to shut down its IT network and isolate it from other government systems.
     
    Park points out that in Canada, there's no federal law that requires private companies to disclose breaches to the government or those affected. That may change with Bill S-4, the Digital Privacy Act, now before Parliament.
     
    The act proposes making it mandatory for federally regulated businesses, as well as federal government agencies, to report significant breaches to the federal privacy commissioner and to customers and clients whose private information was leaked.
     
    The Websense report done by the Ponemon Institute, a private-sector think-tank that conducts independent research on privacy, data protection and information security policy, was based on responses from 4,881 IT and IT security specialists in 15 countries surveyed in November.
     
    Among other things, Ponemon found 36 per cent of the Canadian companies in the study had experienced one or more cyber attack over the previous year that infiltrated networks or enterprise systems.
     
    It also found 89 per cent of the Canadian respondents said they personally know another security professional whose company had sensitive of confidential data stolen as a result of an inside threat.
     
    It also found 23 per cent of the Canadian cyber security teams never speak with their executive team. Of those who did, nearly half did so only annually or semi-annually, while only two per cent talked weekly with executives about security.
     
    "If the conversation is happening less than monthly, that's a pretty significant problem," Debrosse says.
     
    That's because there needs to be an ongoing assessment of what personnel, software, hardware or outside security vendors are required to deal with the risks. There also has to be an understanding, at the top, of the potential costs so they can be included in the organization's budgeting and pricing decisions.
     
    "If they're not calculating the probability of a cyber event (and) loss due to various incidents, when they're hit with one of them it is a major ordeal," Debrosse says.
     
    Charles Henderson, a U.S.-based director within Trustwave's SpiderLabs, which uses hacking techniques to detect vulnerabilities for clients, says Canadian companies face different types of threat than their U.S. counterparts.
     
    "You do see different systems targeted," Henderson says.
     
    Canadians credit and debit cards, for instance, use computer chips and passwords that are more secure than the magnetic stripes still used commonly in the United States. That means criminals are more likely to target transactions where card information is entered without a physical contact.
     
    Henderson says that in both countries there are companies that will do the minimum to deal with cyber security.
     
    "This should be an absolute red flag for an executive, if they see it in an organization."

    MORE National ARTICLES

    New Brunswick Air Ambulance Plane Crash in Grand Manan Kills Pilot, Paramedic

    New Brunswick Air Ambulance Plane Crash in Grand Manan Kills Pilot, Paramedic
    GRAND MANAN, N.B. - A paramedic and a pilot died early Saturday when the chartered plane that airlifts people from Grand Manan island to hospitals on the New Brunswick mainland crashed near the island's airport runway.

    New Brunswick Air Ambulance Plane Crash in Grand Manan Kills Pilot, Paramedic

    B.C. Government: Tailings spill no risk to humans, but may harm aquatic life

    B.C. Government: Tailings spill no risk to humans, but may harm aquatic life
    WILLIAMS LAKE, B.C. - B.C. officials say sediment discharged from a tailings pond that spilled mining waste in the Cariboo region is not toxic for humans but may harm aquatic life.

    B.C. Government: Tailings spill no risk to humans, but may harm aquatic life

    Military Veterans Coping With Post-Traumatic Stress Find Solace In Back-To-Nature Programs

    Military Veterans Coping With Post-Traumatic Stress Find Solace In Back-To-Nature Programs
    UNDATED, - Military veteran Christian McEachern had run the gamut of counselling for post-traumatic stress when, sitting on the bank of the Columbia River during a wilderness trip in B.C., he at last found a moment's peace.

    Military Veterans Coping With Post-Traumatic Stress Find Solace In Back-To-Nature Programs

    New Westminster: Man Hospitalized After Police Encounter, B.C. Watchdog Investigating

    New Westminster:  Man Hospitalized After Police Encounter, B.C. Watchdog Investigating
    NEW WESTMINSTER, B.C. - A man is in hospital with wounds police believe are self-inflicted after an encounter with officers, prompting an investigation from B.C.'s police watchdog.

    New Westminster: Man Hospitalized After Police Encounter, B.C. Watchdog Investigating

    Have US$8 million? Ontario Car Seller Has Rare Steve Mcqueen Ferrari On Auction Block In California

    Have US$8 million? Ontario Car Seller Has Rare Steve Mcqueen Ferrari On Auction Block In California
    MONTEREY, Calif. - An Ontario-based vintage car seller is looking to unload a 1967 Ferrari once owned by Hollywood icon and auto buff Steve McQueen at an auction in California.

    Have US$8 million? Ontario Car Seller Has Rare Steve Mcqueen Ferrari On Auction Block In California

    RCMP: Child Luring Charges Laid Against Two Delta Men

    RCMP: Child Luring Charges Laid Against Two Delta Men
    SURREY, B.C. - Child luring charges have been laid against two men from Delta, B.C., and Mounties say they're looking for more possible victims.

    RCMP: Child Luring Charges Laid Against Two Delta Men