Cybercrime in Canada

Cybercrime may not be the first thing that comes to mind when you think of Canada, but these day’s cybercrime is top of mind for many Canadian small and medium-sized businesses (SMBs).

In a recent survey of more than 1,000 people working in IT at Canadian companies with less than 500 employees, almost two-thirds (64%) said IT security and protection of business data was very important. Only two other activities were seen as more important: improving quality of products and services (68%), and growing client base and revenues (65%).

And Canadian SMBs have good reason to be concerned. The survey, conducted by Ipsos and sponsored by ESET, found that one in four Canadian SMBs with yearly revenues of $10 million or more had been hit by a cyberattack.

Relative to consumers, SMBs have more digital assets and cash that is worth targeting via criminal hacking. Relative to enterprises, SMBs have fewer cybersecurity protections in place.

This latest survey tends to validate the SMB sweet spot concept. It shows cyberattack risk spiking for Canadian SMBs once they reach $10 million in annual revenue, with one in four becoming victims, compared to only one in 10 firms with annual revenue under $10 million. Not that the latter have nothing to worrying about, far from it. For a start, many small firms are working hard to grow their revenues, but they might not be fully aware of the cybercrime risks inherent in such growth.

Making adequate financial provisions for dealing with increased cyber risks as your business grows is clearly a prudent strategy. However, it is not clear if Canadian SMBs are getting this message. For example, the survey revealed a disconnect among employees regarding, on the one hand, their company’s allocation of resources to cybersecurity, and on the other, confidence regarding their company’s level of protection from attack. While seven in 10 Canadians employed at SMBs feel their company is devoting enough resources to the issue, only one-third feel ‘very confident’ their company is safe from a cyberattack.

We sometimes see this type of disconnect when people are not fully aware of the threats that their organisations face from cybercriminals. For example, any organisation that is serious about cybersecurity will perform a risk analysis to determine what digital assets are at risk and what level that risk is at. If a firm is not aware that criminals can sell its customer data for good prices on black markets will little chance of arrest, or make money by renting out its hijacked servers for use in malicious activities, then that company is probably under-estimating its cyber risks.

Unfortunately, the survey revealed that less than one-third of Canadian SMBs are ‘very familiar’ with the concepts of ransomware, social engineering, and two-factor authentication, yet these are hot topics in cybersecurity right now. The implications are serious here because SMBs make up most of Canada’s economy, but the survey findings indicate that many of them would be unable to function for more than a few days without access to their data. Specifically, 65% of Canadian SMBs said they could only function for a few hours or days without access to their data, and a full 15% said they would have to cease functioning immediately.

The picture of Canadian SMB cybersecurity that emerges from this survey is of many good intentions and a broad awareness that cybercrime is a threat to organizations. For instance, 96% of SMB employees think backing up company files is important, and 92% think having IT security software installed on all devices is an important IT security measure. A very encouraging 88% place a strong emphasis on “training on your company’s IT security procedures”.

Yet much work remains to be done. Only 43% on SMB employees felt confident that their business and its reputation could “survive and thrive” after a cyberattack. And only 40% said they were “very satisfied” with their company’s current IT security policies, procedures, and products.

With clear evidence that the risk of cyberattack increases with revenue growth there is a definite need for Canadian SMBs to keep improving their awareness of threats and their ability to deflect them. And there is plenty of room to better align cyber policy, procedure, and product selection with the full range threats, because the threats are unlikely to diminish any time soon.

WeLiveSecurity:

 

« Bitcoin Just Isn’t Anonymous Enough
Nude Celebrity Photo Hacker Jailed »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Link11 GmbH

Link11 GmbH

Link11 provides DDoS protection solutions to protect websites and complete server infrastructures from DDoS attacks.

Lacuna Talent

Lacuna Talent

Lacuna Talent delivers the combined power of Via Resource, the international Cyber Security recruiter, and Lacuna Talent, the Specialist AI/Data recruiter.

Ionic Security

Ionic Security

Ionic provide a high-assurance data protection and control platform built on strong encryption, fine-grain control and contextual analytics.

IoT Now

IoT Now

IoT Now explores the evolving opportunities and challenges facing CSPs, and we pass on some lessons learned from those who have taken the first steps in next gen IoT services.

Greenbone Networks

Greenbone Networks

Greenbone Networks delivers a vulnerability analysis solution for enterprise IT which includes reporting and security change management.

BeDefended

BeDefended

BeDefended is an Italian company operating in IT Security and specialized in Cloud and Application Security with years of experience in penetration testing, consulting, training, and research.

Bright Machines

Bright Machines

Bright Machines delivers intelligent, software-defined manufacturing by bringing together our flexible factory robots with intelligent software, production data and machine learning.

Sweepatic

Sweepatic

The Sweepatic reconnaissance platform discovers and analyses all internet facing assets and their exposure to risk.

Envelop Risk

Envelop Risk

Envelop Risk is a global specialty cyber insurance firm, combining decades of insurance industry expertise with sophisticated cyber and artificial intelligence-based analytics.

Cognyte

Cognyte

Cognyte is a global leader in investigative analytics software that empowers a variety of government and other organizations with Actionable Intelligence for a Safer World.

Iconium Software

Iconium Software

DataLenz by Iconium offers continuous and real-time tracking of your data assets delivering you the tools you need to successfully reach and maintain your target security standards.

MyCISO

MyCISO

MyCISO is the World’s first SaaS application that will vastly simplify security management for all.

Allurity

Allurity

Allurity is a group of tech-enabled cybersecurity service providers, comprised of best-in-class experts with a common mission to enable a safe digital world.

MLSecOps Community

MLSecOps Community

The MLSecOps Community is a collaborative space for machine learning security experts and industry leaders to connect and shape the future of AI/ML security.

Dexian

Dexian

Dexian is a leading provider of staffing, IT, and workforce solutions with nearly 12,000 employees and 70 locations worldwide.

PDQ

PDQ

PDQ helps IT professionals to manage and organize hardware, software, and configuration data for Windows- and Apple-based devices.