The Current State of Cyber Security in Canada
The most current Canadian Cyber Security Strategy may be from 2010, but recently the Government of Canada is working toward renewing its approach to cyber security by holding a public consultation to review measures to protect critical infrastructure and Canadians from cyber threats.
And most recently, the Canadian Institute for Cybersecurity opened in New Brunswick as part of an economic development strategy called CyberNB, according to ITWorldCanada.com.
“[Cyber security] is the fastest growing area of IT and it will be for the next 20 years,” said Stephen Lund, CEO of Crown Corporation Opportunities NB.
Increasing Threats to Canada’s Cybersecurity
But what are Canadian organizations actually doing to protect themselves against new threats, and is it enough? About one in three targeted attacks in the past year resulted in a security breach for Canadian companies, according to an Accenture survey.
Last year, many Canadian universities and hospitals were victims of ransomware attacks that caused computers to go offline, disrupting service. In one event, ransomware infiltrated the hospital network via a phishing spam email with a malicious attachment, according to BeckersHospitalReview.com.
Investing in Cloud-Based Security
A report by PriceWaterCoopers (PwC) reveals that 64% of organizations in Canada are investing in cloud-based cybersecurity services.
Canadian Insights: The Global State of Information Security Survey reveals that Canadian organizations are increasingly adopting advanced authentication to protect access to their systems at 62%, up 7% from the year prior. Another 46% are investing in identity and access management.
One aspect of advanced authentication refers to using an additional factor to verify a user’s identity at login. The first factor may be their username and password, and a second factor (known as two-factor or multi-factor authentication) may be a push notification sent to their phone via a mobile authentication app.
The PwC survey reports that 57% are investing in multi-factor authentication, up 4% from the year prior, with 61% using software tokens, and 48% investing in smartphone tokens.
The PwC survey also found that Canadian organizations are investing in endpoint protection (50%), real-time monitoring and analytics (56%) and threat intelligence (46%).
In a report by Malwarebytes on ransomware, the security company found that Canadian organizations were the most likely to find that ransomware had entered their organization via smartphone or tablet.
One way to protect against malware is to check the security health of every device to ensure only Trusted Devices can access your applications and data. By vetting your endpoints, you can also apply device access policies to block any risky devices, including mobile phones that don’t meet your security standards.
Cost of a Data Breach in Canada
In 2016, the average per capita cost of a data breach over three years rose to $211 per breached record, a 12% increase from the year prior according to the 2016 Cost of a Data Breach Study: Global Analysis (PDF) by the Ponemon Institute.
The report found that detection and escalation costs were the highest in Canada - these include forensic and investigative activities, assessment and audit services, crisis team management and communications to the executive management team and board of directors.
Companies in the U.S. and Canada spent the most attempting to resolve a malicious or criminal attack at $236 and $230 per record. With 48% of all breaches in 2016 caused by malicious or criminal attacks, that’s not cheap.