TORONTO – Canadian companies and government entities experienced a 29% increase in security breaches from 2009 to 2010, according to an annual study.
The 2010 Telus/Rotman joint study on Canadian IT security practices found that government agencies are experiencing twice the number of breaches than companies in the private sector, with an almost 74% increase in one year. The increase can be explained by a significant investment in detection and response capabilities, which enable greater visibility into breaches and lower associated costs, the study said. It also noted a growing trend toward sophisticated attacks focused on customer and citizen data that can be sold or repurposed for financial gain.
While the annual cost of these security breaches dropped from $834,000 to $179,508 during the same one-year period, Yogen Appalraju, VP of Telus’ security solutions group said that companies must continue to invest in additional security.
“Canadian organizations are optimizing for today, but are still not doing enough to prepare for tomorrow," Appalraju said in a statement. "While the investment in defensive technology is proving effective with a decrease in breach costs, organizations are experiencing more focused attacks. There needs to be continued, proactive investment in security to reduce the number of breaches, to minimize costs to organizations and most importantly, to mitigate the risk to sensitive corporate data."
The study also found that one in four Canadian organizations are blocking access to social networking sites, citing security as the primary driver. However, in both the private and public sectors, organizations that block these sites experienced no improvement in security and could suffer a worsening of security as employees attempt to circumvent the block.
"We see a need to maintain control in an ever-changing threat environment, where attacks are designed to penetrate security using the latest technologies and processes," said Dr. Walid Hejazi, professor of business economics at the Rotman School of Management. "However, our research indicates that the adoption of social networking in the workplace is simply not a contributing factor to breach increases. The best course of action is to instil a sense of trust and educate employees on how to engage in social networking appropriately."
Click here for more on the third annual Canadian IT security report by Telus and the Rotman School of Management.
