Data Breaches in Canada Rampant; Alertness Critical

By Joel Cuttiford

According to a study by Statistics Canada, more than a third of Canadian businesses surveyed claim to have suffered a significant data breach in the past year that could put their clients or organization at risk.

That figure could be even higher, as the same study found that 56 percent of the 236 Canadian respondents said they believed that threats sometimes went undetected.

“Even the best-protected networks have regular security incidents,” Jeff Debrosse, director of security research for Websense, told the Canadian Press. “It’s a 24-7 onslaught. It’s a barrage of attacks and attempts to penetrate the defenses.” 

Debrosse said that it is a real challenge for organizations to understand their vulnerabilities, much less prevent breaches.  Though technology is improving, he stresses the importance of sharing information regarding attacks within and among organizations.

“It’s not just about the vendors; it’s about creating this ecosystem of threat intelligence.  And that’s a very important area of focus today,” Debrosse says.

Statistics Canada’s report, which was commissioned by Websense, said one quarter of those reporting a breach said that client or proprietary information had been corrupted, stolen or accessed without authorization.  But again, the actual figure could be even higher, as some companies are reluctant to report cyberattacks out of fear of losing customers.

Two recent, highly publicized Canadian cyber breaches involved the federal government.  At present, there is no federal law requiring private companies to disclose breaches to the government or those affected.  But that could change with Bill S-4, the Digital Privacy Act, now before Parliament.

The act would make it mandatory for federally regulated businesses and federal government agencies to report significant breaches to the federal privacy commissioner and to customers and clients whose private information was leaked.

The report also found that 89 percent of the respondents said they personally know another security professional whose company had sensitive or confidential data stolen as a result of an inside threat. 

How can a business prevent such breaches?  It all begins with awareness.  The survey found that 23 percent of the Canadian cyber security teams never speak with their executive teams.  Of those who did, nearly half did so only annually or semi-annually, while a mere two percent spoke weekly with executives about security.

“If the conversation is happening less than monthly,” Debrosse says, “That’s a pretty significant problem.”

There needs to be an ongoing assessment of what personnel, software, hardware or outside security vendors are required to handle the risk.  Management also needs to understand the potential costs of a breach so that they can be included in the company’s financial decisions regarding security.

“If they’re not calculating the probability of a cyber event (and) loss due to various incidents, when they're hit with one of them it is a major ordeal,” Debrosse says.


Featured Articles

Top 20 essential leadership resources for Black executives

To celebrate Black History Month, here are 20 resources for Black leaders – from business books to leadership coaches to business school exec programs

Broadridge study reveals huge impact of AI on C-suite

Broadridge Financial Solutions spoke to 500 C-suite executives from across the globe, many of whom said AI was significantly changing the way they work

PwC's Kathryn Kaminsky – the role of boards on social issues

As Vice Chair Trust Solutions Co-Leader at PwC, Kathryn Kaminsky says boards play an important role in helping businesses take action on social issues

Why your business needs a Chief Transformation Officer

Leadership & Strategy

12 top AI and ML trends for the enterprise in 2023 – Dataiku

Technology & AI

From NYC to Hong Kong, the rise of the private members' club

Leadership & Strategy