Are Canadian companies losing the war on cyber-attacks?
Scalar study notes the number of increasingly sophisticated attacks are on the rise.
TORONTO — The number, sophistication and severity of cyber attacks on Canadian companies are increasing, according to a study from Scalar Decisions Inc.
The Toronto-based IT company’s survey of 650 Canadian IT and security workers found declining confidence among organizations for the third consecutive year.
The average number of reported cyber attacks rose to 44 per year, up nearly 30% since the initial survey in 2014. Most respondents also report that both the severity (81%) and sophistication (72%) of attacks are increasing.
The study found:
• 41% of organizations had systems in place to deal with advanced persistent threats, up from 38% last year.
• The most frequent compromise comes from web-borne malware (76%) followed by rootkits (67%).
• Threats on the rise include spear phishing, which exploits the vulnerability of existing software greater than three months old, and botnet attacks.
• Mobile devices (75%) and third party applications (70%) were identified as the greatest potential risks threatening their company’s IT environment.
• Negligent third party risk has increased significantly since last year along with negligent insider risk.
• Only 21% of respondents faced with ransomware threats report incidents to law enforcements. The most common reaction is to simply pay the ransom.
On average, organizations represented in the study spent approximately $7.2 million on the following to remediate cybersecurity compromises: clean up or remediation ($873,448), lost user productivity ($963,663), disruption to normal operations ($1.2 million), damage or theft of IT assets and infrastructure ($1.7 million) and damage to reputation and marketplace image ($2.5 million).