TORONTO – While the overall number of IT security attacks are dropping, the rise of mobile computing and the growing sophistication of attacks are posing a new threat, according to the Telus and Rotman School of Management's fourth annual study on Canadian IT security.
The study, released Tuesday, surveyed more than 600 Canadian IT professionals across government, public and private sectors, providing insight on the Canadian security landscape, especially as it relates to emerging trends in breaches, threats and preparedness.
The top three breaches reported in 2011 include viruses and malware (46%), laptop or mobile hardware device theft (22%), and phishing/pharming (20%). Overall threats dropped nearly 50% from last year, to an average of 7.6 breaches per year compared to 14.6 in 2010, the first year the study has seen the trend toward rising breach numbers reverse since the aftermath of the 2008 financial crisis.
Public organizations surpassed government agencies in the annual number of breaches for the first time since the beginning of the study (18 breaches for public companies against 17.3 for government organizations). This may be attributed to improvements in detection capabilities and monitoring enabling increased visibility into emerging platforms such as mobile devices, the study continued.
In addition, the 2011 study reveals that insider breaches are on the decline with 22% of breaches caused by insiders compared to 25% in 2010. However, government is trending in the opposite direction, as insider breaches grew by 28% since 2010, and are up 68% since 2008.
"After four years of study, we are noticing an alarming trend toward attacks that are becoming more targeted, focusing on specific individuals and their data for financial gain," said Yogen Appalraju, vice-president of Telus security solutions, in the report’s press release. "These attacks are also reported less frequently, as they are much harder to detect and ultimately pose even greater risks. Organizations need to make continued, proactive investment in security to manage how breaches are evolving and the impact that they can have."
