Data Breaches in Canada Rampant; Alertness Critical

By Joel Cuttiford
Share

According to a study by Statistics Canada, more than a third of Canadian businesses surveyed claim to have suffered a significant data breach in the past year that could put their clients or organization at risk.

That figure could be even higher, as the same study found that 56 percent of the 236 Canadian respondents said they believed that threats sometimes went undetected.

“Even the best-protected networks have regular security incidents,” Jeff Debrosse, director of security research for Websense, told the Canadian Press. “It’s a 24-7 onslaught. It’s a barrage of attacks and attempts to penetrate the defenses.” 

Debrosse said that it is a real challenge for organizations to understand their vulnerabilities, much less prevent breaches.  Though technology is improving, he stresses the importance of sharing information regarding attacks within and among organizations.

“It’s not just about the vendors; it’s about creating this ecosystem of threat intelligence.  And that’s a very important area of focus today,” Debrosse says.

Statistics Canada’s report, which was commissioned by Websense, said one quarter of those reporting a breach said that client or proprietary information had been corrupted, stolen or accessed without authorization.  But again, the actual figure could be even higher, as some companies are reluctant to report cyberattacks out of fear of losing customers.

Two recent, highly publicized Canadian cyber breaches involved the federal government.  At present, there is no federal law requiring private companies to disclose breaches to the government or those affected.  But that could change with Bill S-4, the Digital Privacy Act, now before Parliament.

The act would make it mandatory for federally regulated businesses and federal government agencies to report significant breaches to the federal privacy commissioner and to customers and clients whose private information was leaked.

The report also found that 89 percent of the respondents said they personally know another security professional whose company had sensitive or confidential data stolen as a result of an inside threat. 

How can a business prevent such breaches?  It all begins with awareness.  The survey found that 23 percent of the Canadian cyber security teams never speak with their executive teams.  Of those who did, nearly half did so only annually or semi-annually, while a mere two percent spoke weekly with executives about security.

“If the conversation is happening less than monthly,” Debrosse says, “That’s a pretty significant problem.”

There needs to be an ongoing assessment of what personnel, software, hardware or outside security vendors are required to handle the risk.  Management also needs to understand the potential costs of a breach so that they can be included in the company’s financial decisions regarding security.

“If they’re not calculating the probability of a cyber event (and) loss due to various incidents, when they're hit with one of them it is a major ordeal,” Debrosse says.

Share

Featured Articles

Companies Wasting Millions on AI Spending - MIT Professor

KPMG survey says 81% of US executives worry about lagging behind on tech but MIT economist says AI will only replace 5% of jobs

6 Biggest Challenges Facing Incoming Nike CEO Elliott Hill

Incoming Nike CEO Elliott Hill faces huge challenges trying to reverse the fortunes of the legacy US sportswear giant

Anthony becomes first female CEO of Big Four accounting firm

EY appoints Anna Anthony to lead its UK and Ireland business, the first time a Big Four accounting firm has had a permanent female CEO

Nearly Quarter of CEOs Firefighting Sexual Misconduct Crises

Human Capital

What Autumn Budget 2024 Means for CEOs

Corporate Finance

What you need to know now about sexual harassment at work

Leadership & Strategy