Many Canadian companies can’t detect sophisticated cyber attacks
A global EY survey shows most don't know the financial impact of breaches.
TORONTO — As the frequency and scale of cyber-attacks increases, only 43% of Canadian companies can spot a significant cybersecurity incident, compared to 50% globally, according to EY’s Global Information Security Survey.
The global advisory firm’s study shows many companies have yet to embark on creating a robust security system; as a result, 72% of respondents said they need up to 50% more budget for their cyber needs.
Only 6% of organizations evaluate the financial impact of every significant breach and just over half (52%) of Canadian respondents rated business continuity management as one of their top priorities, alongside data leakage and data loss prevention.
End user awareness was the top control failure that led to a breach. This weakness is primarily exploited through phishing, where company employees engage with malicious e-mails disguised as authentic. In the process, they unknowingly let the attackers access internal systems.
The top control or process failures that led to the most significant cyber breaches last year involved: end user awareness, exploited via phishing (43%); poorly secured internet-facing systems and/or applications (11%); and outdated/unpatched systems (8%).
A lack of skilled resources and executive support are hampering the wider adoption of connected devices. The main obstacles that need to be overcome to enable the wider adoption of IoT are: a lack of skilled resources (43%); a lack of executive awareness or support (43%); and budget constraints (32%).
Click 2016 EY Global Information Security Survey Canadian highlights for study results.