#CyberFLASH: Canadian companies have no incentive to report cyber attacks


Canadians are clueless about the vast majority of corporate data hacks because companies suffer greater financial losses when they reveal they’ve lost data than when they keep consumers in the dark.

Wednesday’s cyber attack on infidelity site Ashley Madison shone a spotlight on a risk that usually lurks in the shadows because of a lack of regulation, experts say.

“The security at Canadian organizations today is inadequate,” said Claudiu Popa, CEO of cybersecurity firm Informatica Corp.

“We don’t have a law that is prescriptive enough to tell companies that they absolutely need to buy this or that type of technology.”

Sometimes, he said, companies don’t even know they’ve been targeted.

Although the government must report data breaches such as last year’s Heartbleed attack at the Canada Revenue Agency, private companies have no such requirement.

The Ashley Madison data leak might not have come to light if hackers hadn’t announced it, Popa said. The 2013 Target Corp. breach, which also affected Canadian customers, was revealed partly because of reporting requirements in the United States, which imposes fines on companies that allow consumers’ files to be exposed.

“It’s in their best interest to play along and to invest in more sophisticated technology for detection and prevention,” Popa said.

“That’s really what’s lacking in Canada today.”

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.