How are Canadian businesses performing in cybersecurity?

How are Canadian businesses performing in cybersecurity?

Cybercrime will always become more dangerous over time. More hackers are finding new techniques to trick not just consumers, but also businesses of all sizes into handing over sensitive data and swindle them of their hard-earned money.

Statistics Canada recently shared the latest data regarding the state of cybersecurity in the country. It contains a bird’s-eye view of the threat landscape in all enterprises. Let’s take a look at some key takeaways of the study, along with pointers on how organizations can keep themselves protected.

Large enterprises are more susceptible to attacks

According to the survey, more than one in five Canadian companies were hit by a cyberattack in 2018. Interestingly, the most affected industries were those from critical infrastructures such as management, finance and insurance, utility, and information and telecommunication companies.

Furthermore, 41% of large enterprises reported having experienced at least one cybersecurity incident. This is significantly smaller compared to 19% of small firms. Among those who suffered a cybersecurity incident, 39% could not identify the motive behind the attack. However, 38% reported that the motivation of the attack was to steal money and demand a ransom, with 1.6% of victims giving in to the hacker’s demands. Other incidents involved attempts to access unauthorized areas and steal personal and financial information.

Canadian firms have poor proactive security protocols

Since cyberattacks can happen to anyone at any time, companies aren’t taking any chances when it comes to their data. The study found that 76% of Canadian firms have anti-malware software installed, while 74% make use of firewalls and proxy servers.

However, it seems less than half of Canadian business are using web security solutions such as distributed denial-of-service (DDoS) mitigation and HTTPS. The same goes for identity and access management, which involves making strong passwords. Only 28% of companies make an inventory of their IT equipment, use application whitelisting, and perform scheduled software updates.

These findings show that many companies want to stay protected, but lack the necessary resources to defend themselves from cybercriminals who are becoming more proficient at finding system vulnerabilities.

Perpetrators are well aware that many businesses can neglect to install updates, and they use this as an effective attack vector. For instance, while your firm might be using modern versions of programs such as Microsoft Office, you’ll still be vulnerable to attacks if you don’t regularly install security updates.

Multifactor authentication, which adds another form of identity verification on top of passwords like a fingerprint scan or a temporary SMS activation code, is often overlooked, making it easy for hackers to infiltrate the accounts of people who use weak, easy-to-guess passwords.

Information security is a priority for Canadian businesses

To confront the growing risks in the digital world, Canadian enterprises spent $14 billion on cybersecurity in 2017. According to Statistics Canada, businesses primarily shelled out money to protect sensitive information (68%), and prevent fraud and theft (41%). Others were concerned about protecting their reputation, preventing downtime and outages, and complying with regulations.

And it’s not surprising why firms are spending so much: cybersecurity disasters are preventing employees from performing their tasks, and limiting the use of resources and services such as desktops and email. Security incidents also directly contribute to a significant loss of revenue.

Alarmingly enough, only 10% of the enterprises surveyed reported incidents to the police. This is a direct violation of the Personal Information Protection and Electronic Documents Act (PIPEDA) as of the November 2018 update, which requires businesses to publicly disclose data breaches to clients, keep records of the incidents, and report them to the Privacy Commissioner of Canada.

How to protect your business

Cyberthreats will continue to evolve dramatically and pose problems for businesses. It was even reported that Canada is a prime target for cybersecurity attacks in 2019. That's why you should follow the tips below to protect your organization from cyberattacks:

  • Update and test your backup and disaster recovery plans (BDRPs) at least twice a year
  • Use multifactor authentication such as fingerprint scanning and temporary SMS codes to prevent account hijacking
  • Stay informed of security risks by reading security blogs
  • Educate employees about potential threats like phishing and oversharing personal information online.

Preventing cyberattacks will always be better than recovering from them. For the best results, you can partner with a managed IT services provider (MSP) like Dyrand Systems, which will proactively monitor your network 24/7/365. The best part? MSPs charge a flat monthly fee, and won’t cost as much as paying an employee a full-time salary.

Don’t fall victim to cyberthreats. Here at Dyrand, we ensure that your business will have a worry-free IT infrastructure by constantly watching for potential threats and fixing them before they infect your system. Want to know more? Give us a call today.


Nicholas Drayer

Nicholas Drayer

Managing Director