On the morning of Jan. 3, an email was sent from the Indonesian Embassy in Australia to a member of the premier of Western Australia’s staff who worked on health and ecological issues. Attached was a Word document that aroused no immediate suspicions, since the intended recipient knew the supposed sender.
Canadaâs ccTLD registry has published the results of their 2019 Cybersecurity Survey Report that found 71% of organisations reported experiencing at least one cyber-attack that impacted the organisation in some way, including time and resources, out of pocket expenses and paying a ransom.
âNow more than ever, Canadians need trust in the internet,â said Byron Holland, president and CEO, CIRA. âWe believe that security is the foundation of that trust which is why we have leveraged our experience safeguarding the .CA domain to help Canadian organisations protect themselves and their users.â
The report provides an overview of the Canadian cybersecurity landscape and surveyed more than 500 individuals with responsibility over IT security decisions at both private and public sector institutions across Canada to learn more about how they are coping with the increase in cyber threats.
The full report, released as part of CIRAâs Cybersecurity Awareness Month activities, also found 96% of respondents said that cybersecurity awareness training was at least somewhat effective in reducing incidents while only 22% conducted the training monthly or better.
Other key findings were:
- Only 41% of respondents have mandatory cybersecurity awareness training for all employees.
- Among those businesses that were victimised by a cyber-attack, 13% indicated the attack damaged their reputation. This perception is a sharp contrast to the findings of CIRAâs recent report: Canadians deserve a better internet, which indicated that only 19% of Canadians would continue to do business with an organisation if their personal data were exposed in a cyber-attack.
- 43% of respondents were unaware of the mandatory breach requirements of PIPEDA.
- Of those businesses that were subject to a data breach, only 58% reported it to a regulatory body; 48% to their customers; 40% to their management and 21% to their board of directors.
- 43% of respondents who said they didnât employ dedicated cybersecurity resource cited lack of resources as the reason. This is up from 11% last year.
âWhile technical solutions are important, the best layer of security for any organisation are cyber-aware employees,â said Jacques Latour, chief security officer, CIRA. âWe are happy to see more organisations embracing cybersecurity awareness training as a critical element of their defence. However, there is more work to be done to ensure the quality and rigor of the training offered keeps pace with the ever-changing world of cybersecurity.â
The full report is available to download from: https://cira.ca/resources/cybersecurity/report/2019-cira-cybersecurity-survey