TORONTO—The biggest risk to a company’s cybersecurity is its own employees, according to Ernst & Young’s (EY) Global Information Security Survey.
Employees engaging with malicious emails disguised as authentic correspondence accounted for 43 per cent of grievous corporate cyber breaches in 2016. These digital Trojan Horses, known as phishing attacks, are a significant cybersecurity problem, but they are not the only threat companies have to contend with.
The Global Information Security Survey is a yearly poll of cybersecurity issues that captures responses from companies around the globe and in 20 different industry sectors.
The survey found that not only are companies vulnerable to phishing, but poorly secured internet-facing systems—which resulted in 11 per cent of breaches—and outdated or unpatched security systems—8 per cent of breaches—are also major issues.
60 per cent of Canadian companies said that these control failures led to their most consequential cyber breaches.
The survey highlights the biggest cybersecurity problems that Canadian companies are wrestling with:
“Organizations have stepped up their cyber efforts in the last few years, but these results still point to a gap,” said Abhay Raman, EY’s Canadian cybersecurity leader. “Creating a robust cybersecurity program is a long, focused process, and many companies haven’t taken that step.”