CIRA Canadian Cybersecurity Survey identifies disconnect between awareness and actions
By Canadian Security StaffNews Data Security cira cyber threats internet security phishing pipeda
OTTAWA — On Oct. 15, the Canadian Internet Registration Authority (CIRA) released its 2018 CIRA Cybersecurity Survey, which provides an overview of the Canadian cybersecurity landscape.
The organization responsible for the .CA web domain surveyed 500 individuals with responsibility over IT security decisions at small and medium-sized businesses across Canada to learn more about how they are coping with the increase in cyber threats — the sample included both business owners and employees who manage information technology.
- 40 per cent of respondents experienced a cyberattack in the last 12 months. One in ten experienced 20 or more attacks.
- Among larger businesses with 250-499 employees, the number that experienced an attack increases to 66 per cent.
- 67 per cent of respondents outsource at least part of their cybersecurity footprint to external vendors.
- While 59 per cent of respondents said they stored personal information from customers, 38 per cent said they were unfamiliar with PIPEDA.
- One-third of respondents indicated that the most significant impact of a cyberattack is the time and resources required to respond to the incident.
- 88 per cent of respondents were concerned with the prospect of future cyberattacks, which resulted in 28 per cent suggesting they would add cybersecurity staff in the next year.
- Although 78 per cent were confident in their level of cyber threat preparedness, 37 per cent didn’t have anti-malware protection installed and 71 per cent did not have a formal patching policy – exposing these organizations to massive security holes.
- Only 54 per cent of small businesses provide cybersecurity training for their employees even though the most common form of malware seen by respondents, phishing attacks (42 per cent), directly exploit employees as a point of weakness.
Jacques Latour, chief security officer, CIRA, said in a prepared statement, “Training and awareness are critical to ensuring your business is cyber-secure. No matter how great your IT team is, anyone with a network-connected device can be the weak point that brings your business down.”
Read the full report here.
Print this page