OTTAWA – Just over half of small businesses provide cybersecurity training for their employees, even though phishing attacks – one of the most common forms of malware – directly exploits employees as a point of weakness, says new data from the Canadian Internet Registration Authority (CIRA).
Released Monday, the 2018 CIRA Cybersecurity Survey provides an overview of the Canadian cybersecurity landscape to provide a snapshot of how businesses are coping with the increase in cyber threats. It contains responses from 500 individuals with responsibility over IT security decisions at small and medium-sized businesses across Canada, including both business owners and employees who manage information technology.
Key findings from the survey include:
– 40% of respondents experienced a cyberattack in the last 12 months, and one in ten experienced 20 or more attacks;
– Among larger businesses with 250-499 employees, the number who experienced an attack increases to 66%;
– 67% of respondents outsource at least part of the cybersecurity footprint to external vendors;
– While 59% of respondents said they stored personal information from customers, 38% said they were unfamiliar with the Personal Information Protection and Electronic Documents Act (PIPEDA);
– Although 78% say they were confident in their level of cyber threat preparedness, 37% didn't have anti-malware protection installed and a shocking 71% did not have a formal patching policy – exposing these organizations to massive security holes.
“Training and awareness are critical to ensuring your business is cyber-secure”, said CIRA’s chief security officer Jacques Latour, in the report’s news release. “No matter how great your IT team is, anyone with a network-connected device can be the weak point that brings your business down.”
