Cybersecurity remains an ongoing and growing problem for Canadian businesses, with an estimated 83 per cent of companies having experienced a cybersecurity breach of some kind in the past year, a new survey indicates.
In its first Canada Threat Report, Massachusetts-based cybersecurity firm Carbon Black said a January survey shows 76 per cent of companies reported an increase in cyberattacks in the past year, 25 per cent saying the volume has grown by half in that period.
“Cybersecurity can’t just be building a perimeter and putting up a defence,” said Carbon Black security strategist Eric O’Neill, a former FBI counterterrorism and counterintelligence agent. “Cybersecurity needs to be offence. You need to be cyberspy hunters.”
The report called the threat a “relentless onslaught.”
“The inevitability of breach puts pressure on organizations to start proactively detecting and neutralizing threat vectors by improving visibility, hunting threats and developing effective counter-incident response.”
The report found 85 per cent of the 250 companies surveyed were anticipating increases in cyber defence spending, with a reported anticipated spending increase of 22 per cent.
Carbon Black found that size matters in the cyberthreat context. The survey revealed 83 per cent of companies with more than 5,000 employees reported an attack increase. Some 65 per cent of companies with fewer than 250 employees saw attack numbers rise.
Malware finding its way into systems is the most common cyberattack at 30 per cent. That’s followed by phishing – fraudulent attempts to acquire sensitive information such as usernames, passwords and credit card details via electronic communications seemingly from a trusted source. That’s about 20 per cent of the problems.
However, Canadian companies are taking note of the issues.
Carbon Black found 59 per cent of surveyed companies engage in active threat hunting.
Supply chain breaches were also cited as significant problems.
Manufacturing and engineering businesses cited supply breaches at 13 per cent of attacks while web application attacks were cited as the main cause of successful breaches (21 per cent) in the financial sector.
The survey found governments and local authorities and manufacturing and engineering companies were most likely to be engage in cyberthreat hunting at 69 per cent and 66 per cent of respectively.
Canadian Centre for Cyber Security
The issues are among many Ottawa began to address with the funding of the Canadian Centre for Cyber Security last year. The centre has been pitched as a “unified source of expert advice, guidance, services and support on cybersecurity for government, critical infrastructure owners and operations, the private sector and the Canadian public.”
The centre is expected to open this summer and be fully operational by spring 2020.
It came about following the National Cyber Threat Assessment 2018, which found cybercrime is the cyberthreat most likely to affect Canadians and Canadian businesses this year.
“Cybercrime is evolving as cybercriminals take advantage of growing online markets for illicit goods and services in order to maximize their profits,” the assessment said. “Cybercriminals tend to be opportunistic when looking for targets, exploiting both technical vulnerabilities and human error.”
The assessment found:
• State-sponsored cyberthreat actors will continue to conduct cyberespionage against Canadian businesses and critical infrastructure to advance national strategic objectives;
• It is very unlikely state-sponsored cyberthreat actors would intentionally disrupt Canadian critical infrastructure. However, the assessment found, with more individuals connected to the internet through a myriad of devices, Canadians become increasingly susceptible to less-sophisticated cyberthreat actors, such as cybercriminals, and;
• Sophisticated cyberthreat actors would likely continue attempts to exploit trusted relationships between businesses and suppliers and service providers for espionage and cybercrime purposes.