Eighty-eight per cent of Canadian organizations queried in a cybersecurity survey say they have suffered cyberattack breaches in the past year, up from 83% last year, says a new report.
However, 87% of organizations reported threat-hunting activities have led to beefing up of company defenses and 76% have found evidence of malicious cyberattack activity that would previously have gone undetected.
But, overall, 74% of Canadian organizations we more confident of being able to repel cyberattacks today than they were a year ago.
The second annual Canada Threat Report from Massachusetts-based cybersecurity firm Carbon Black released Oct. 1 said of that number, 20% have been breached between three and 10 times, with eight companies reporting more than 10 breaches.
“We found that companies are tightening up on the factors they can control, such as process weaknesses and out of date security technology, making incremental gains that improve their security posture from within,” Carbon Black head of security strategy Rick McElroy said.
The highest frequency of breaches was in the retail sector but overall, companies reported increases in the sophistication of breaches.
“Utilities experienced the greatest growth in sophistication with 50% of attacks being significantly more sophisticated than previously,” the report said. “This was followed by manufacturing and engineering companies with 30% and media/entertainment organizations closely followed with 27%.”
The report said the use of phishing – contacts via email, telephone or texts from someone posing as a legitimate institution to lure people into providing sensitive data – has seen a sharp increase, as attackers target the weakest link in the security chain – end users.
“Phishing appears to remain the root cause of the majority of breaches, emphasizing that businesses still have much work to do to get their employees on board and alert to phishing and social engineering,” McElroy said.
The report indicates companies with more than 100,000 employees are sustaining the most attacks – up a whopping 238% – while those with 501 to 1,000 employees saw a 32% increase on average.
Of companies breached, 49% of reported negative financial impact, while 65% of businesses reported post-breach reputational damage.
More than one in 10 companies in manufacturing and engineering reported suffering severe financial impact following a breach.
Moreover, the report said, companies with more than 100 people on their IT teams were most likely to report severe financial damage following a breach, with 32% reporting severe financial impact.
“Reputational impact was felt most keenly in the manufacturing and engineering sector, with 29% reporting severe damage,” the report said.
As a result of the findings, 88% of Canadian organizations surveyed announced plans to increase cyberdefence spending in the coming year compared to 85% a year ago. Ten per cent expect spending to remain the same compared to 11% in the last survey.
“This is an encouraging sign of increased awareness of the tools and techniques available to mount robust defenses and the growing maturity of security teams and technology deployments,” the report said. “This is underlined by the fact that investment in cyberdefence is holding up across all sectors.”