Cyberattacks on the rise in Canada, study finds

TORONTO—The number, sophistication and severity of cyberattacks on companies in Canada are on the rise, according to the findings of a new study from Scalar Decisions Inc., a Toronto-based computer consulting firm.

Released Feb. 9, the study polled more than 650 Canadian IT and security workers.

The number of reported cyberattacks on Canadian organizations rose to an average of 44 attacks per year, up nearly 30 per cent since Scalar’s first cyber security survey in 2014. The vast majority of respondents also reported that both the severity, 81 per cent, and sophistication, 72 per cent, of attacks are increasing.

Study Findings:

• 41 per cent of respondents indicated their organization had systems in place to deal with advanced persistent threats (ATP’s), up from 38 per cent in 2016.
•  The most frequent compromises continue to be web-borne malware attacks, 76 per cent, followed by rootkits, 67 per cent.
•  Threats on the rise for 2017 include spear phishing, exploits of existing software vulnerability and botnet attacks.
•  Mobile devices, 75 per cent, and third party applications, 70 per cent, were identified as the greatest potential risks threatening IT environments.
•  Negligent third party risk has increased significantly since last year, along with negligent insider risk.
• There have been slight decreases in web-borne malware attacks, APTs, clickjacking, exploits of existing software vulnerability and zero day attacks since 2016.
•  On average, organizations represented in this study spent approximately $7.2 million on the following to remediate cyber security compromises:
  • clean up or remediation ($873,448)
  • lost user productivity ($963,663)
  • disruption to normal operations ($1.2 million)
  • damage or theft of IT assets and infrastructure ($1.7 million)
  • damage to reputation and marketplace image ($2.5 million)

Read the full study here.