Eighty-eight per cent of Canadian organizations queried in a cybersecurity survey say they have suffered cyberattack breaches in the past year, up from 83 per cent last year, says a new report.
However, 87 per cent of organizations reported threat-hunting activities have led to beefing up of company defences and 76 per cent have found evidence of malicious cyberattack activity that would previously have gone undetected. But, overall, 74 per cent of Canadian organizations we more confident of being able to repel cyberattacks today than they were a year ago.
The second annual Canada Threat Report from Massachusetts-based cybersecurity firm Carbon Black said of that number, 20 per cent have been breached between three and 10 times, with eight companies reporting more than 10 breaches.
“We found that companies are tightening up on the factors they can control, such as process weaknesses and out-of-date security technology, making incremental gains that improve their security posture from within,” Carbon Black head of security strategy Rick McElroy said.
The highest frequency of breaches was in the retail sector, but overall companies reported increases in the sophistication of breaches. “Utilities experienced the greatest growth in sophistication with 50 per cent of attacks being significantly more sophisticated than previously,” the report said. “This was followed by manufacturing and engineering companies with 30 per cent and media/entertainment organizations closely followed with 27 per cent.”
The report said the use of phishing – contacts via email, telephone or texts from someone posing as a legitimate institution to lure people into providing sensitive data – has seen a sharp increase, as attackers target the weakest link in the security chain – end users.
“Phishing appears to remain the root cause of the majority of breaches, emphasizing that businesses still have much work to do to get their employees on board and alert to phishing and social engineering,” McElroy said.
The report said companies with more than 100,000 employees are sustaining the most attacks – up 238 per cent – while those with 501 to 1,000 employees saw a 32 per cent increase on average.
Of companies breached, 49 per cent of reported negative financial impact, while 65 per cent of businesses reported post-breach reputational damage.
More than one in 10 companies in manufacturing and engineering reported suffering severe financial impact following a breach.
Moreover, the report said, companies with more than 100 people on their IT teams were most likely to report severe financial damage following a breach, with 32 per cent reporting severe financial impact.
“Reputational impact was felt most keenly in the manufacturing and engineering sector, with 29 per cent reporting severe damage,” the report said.
As a result of the findings, 88 per cent of Canadian organizations surveyed announced plans to increase cyberdefence spending in the coming year compared with 85 per cent a year ago. Ten per cent expect spending to remain the same compared to 11 per cent in the last survey.
“This is an encouraging sign of increased awareness of the tools and techniques available to mount robust defences and the growing maturity of security teams and technology deployments,” the report said. “This is underlined by the fact that investment in cyberdefence is holding up across all sectors.”