Canadian firms lag in cyber breach detection

Control issues, lack of awareness, and inability to quantify impacts of breaches hinder efforts to step up cyber safety

Canadian firms lag in cyber breach detection
With cyberattacks becoming more frequent and the associated risks becoming greater, companies around the world have been working to improve their cybersecurity systems. Despite this, many firms worldwide would still be unable to detect a breach if it were to occur – and Canada is a slight underperformer.

Results of EY’s Global Information Security survey have revealed only 43% of Canadian companies could spot a major cybersecurity incident, compared to the global average of 50%.

“Creating a robust cybersecurity program is a long, focused process, and many companies haven't taken that step,” said EY’s Canadian Cybersecurity Leader Abhay Raman, who shared that 72% of respondents reported needing up to 50% more budget for their cyber needs.

Despite the increasing influence of information technology on business, many companies are still not so interested in cybersecurity protocols. “Only 6% of organizations evaluate the financial impact of every significant breach,” Raman said. Couple that with the fact that 62% of firms worldwide would not step up cybersecurity spending after a breach that did not appear to do any damage, and one has a sense of how lightly many firms still regard cybersecurity.

How do hackers penetrate companies’ systems? The top control issue that led to breaches, according to those polled, was end-user awareness. Some company employees are fooled into engaging with emails that appear legitimate, inadvertently opening the door for attackers to access internal systems.

Increasing enterprises’ potential vulnerability is the Internet of Things (IoT), which, simply put, is the rise in the number of devices that can connect to the internet. While the new technology could increase productivity and efficiency, 73% of respondents are concerned about poor user awareness and behavior around mobile devices. They are also concerned about their ability to pinpoint suspicious traffic over their networks (49%), track who has access to their data (44%), or be able to detect hidden and unknown zero-day attacks (40%).

Of course, there’s still limited adoption of IoT technology. Obstacles such as lack of skilled resources (43%), dearth of executive awareness or support (43%), and budget constraints (32%) are hindering the spread of IoT among companies.

Related stories:
Expect increased focus on cybersecurity in 2017
2017 compliance priorities announced