83% of Canadian firms were breached last year

According to a report released by Carbon Black this week, 83% of the 250 Canadian CIOs, CTOs and CISOs questioned as part of a global survey said their organizations had suffered a cybersecurity breach over the last year.

Of those surveyed, 22% said their firm had been breached more than five times.

By comparison, a survey of 10,000 Canadian businesses by Statistics Canada last year found that just 21% of respondents had had their operations affected by a cybersecurity incident.

IT World Canada reported Tom Kellermann, Carbon Black’s chief cybersecurity officer, as saying: “A lot of organizations don’t want to acknowledge or even understand if they have been breached, so for the senior leadership that respond to other surveys – the CEOs, CFOs or even general counsel – it’s better for them to say it hasn’t happened.”

He went on to state that the 250 participants were all vetted, in terms of their understanding of technology and the security posture of their organizations, prior to their inclusion in the report.

He said he’s confident the 83% number is valid for the respondents surveyed.

Kellermann said: “The stat is pretty damning, but then again more organizations get breached every year.

“Cyberspace has become a free-fire zone and a lot of that’s due to traditional architectures of security that were espoused by the standards bodies and regulatory bodies… are failing because they’re based on a kill-chain that is no longer the mainstream form of hacking.”

Kellermann also noted that 50% of Canadian respondents to the Carbon Black survey believed they were being targeted through their supply chains.

Of those, 30% of respondents thought their company websites had been used for ‘watering-hole’ attacks, in which visitors to the websites get infected, which shows “that the hacker community is using your trust relationships, and is also willing to use your brand to target your constituency,” according to Kellermann.

He went on to state: “The most important finding in this study, aside from professional services being the most targeted industry and the increase in sophistication of attacks, is that ‘island hopping’ is becoming very mainstream.

“The goal of hackers is no longer smash-and-grab burglary; it’s ‘home invasion’ – they want to occupy space and use that network to target those who trust it.”

Of the Canadian respondents to Carbon Black’s survey, 20% said the primary causes of successful breaches were phishing attacks, 14% ransomware and third-party application breaches, and 12% process weaknesses.