#CyberFLASH: 51% of Canadian respondents to cybersecurity study have experienced loss or exposure of sensitive information

More than half (51%) of Canadian respondents to a cybersecurity study have experienced an incident involving the loss or exposure of sensitive information within the last 12 months, Toronto-based IT firm Scalar Decisions Inc. said on Tuesday.

Commissioned by Scalar, the second annual security study involved a survey of 654 IT and IT security practitioners in Canada, with research independently conducted by Ponemon Institute. Respondents – the majority of whom reported their position at or above the supervisory level – came from a wide variety of industries and nearly two-thirds worked at companies with between 251 and 5,000 employees in Canada, said Scalar, which has offices in Vancouver, Edmonton, Calgary, Winnipeg, London, Toronto, Ottawa and Montreal.

Respondents to the survey, titled The Cyber Security Readiness of Canadian Organizations, reported an average of 40 cyberattacks per year, an increase of 17% over last year’s report. Seventy per cent reported that their organizations experienced situations where exploits and malware have evaded their intrusion detection systems, and 82% said that cyberattacks evaded their antivirus solutions.

On average, over the last 12 months, organizations spent approximately $7 million each on the following: damage to reputation and marketplace image ($2.6 million); damage or theft of IT assets and infrastructure ($1.6 million); disruption to normal operations ($1.1 million); lost user productivity ($950,625); and clean up or remediation ($766,667). With organizations reporting an average of 40 attacks per year, this makes the average cost per attack approximately $175,000.

In terms of response, only 38% of respondents said that their organizations have systems and controls in place to deal with advanced persistent threats (APTs), and organizations have an average of almost one separate APT-related incident per month, the study found. IT downtime, business disruption and theft of personal information were the primary consequences of APTs or zero-day threats experienced.

Read more here

#CyberFLASH: Are Canadian firms lagging behind with IT security?

Are Canadian companies lagging behind our U.S. counterparts when it comes to strategic information technology spending? I recently had lunch with a friend and that troubling question arose.

My friend works for a multi-national information technology (IT) company. We ended up chatting about some pressing topics in our industry – new cyber threats, government surveillance, large-scale security breaches, among others.

What was disconcerting was that he mentioned that based on his experience working on both sides of the border, he sees Canadian companies trailing behind our U.S. peers in investments in people, process and tools when it comes to information security.

“Companies in Canada aren’t really seeing the need to invest and executives don’t understand the risks,” he said.

This begs the question: Are we less vulnerable to these kinds of security threats than our U.S. neighbours?

The answer is no. In 2013, Symantec released our annual Norton Report that showed the cost of cybercrime to Canadians was $3-billion for the year, more than twice the cost from the previous year. And while attacks targeting institutions like government agencies and retail giants may seem to be most prevalent and serious given the exposure they receive in the media, the reality is, no organization is immune.

Read more here

#CyberFLASH: Mock email scam at Justice Canada snares hundreds of bureaucrats

OTTAWA—Many of the Justice Department’s finest legal minds are falling prey to a garden-variety Internet scam.

An internal survey shows almost 2,000 staff were conned into clicking on a phoney “phishing” link in their email, raising questions about the security of sensitive information.

The department launched the mock scam in December as a security exercise, sending emails to 5,000 employees to test their ability to recognize cyber fraud.

The emails looked like genuine communications from government or financial institutions, and contained a link to a fake website that was also made to look like the real thing.

The Justice Department’s mock exercise caught 1,850 people clicking on the phoney embedded links, or 37 per cent of everyone who received the emails.

Read more here

#CyberFLASH: Google runs afoul of Canadian privacy law

TORONTO — Google has been caught afoul of the law by displaying web ads linked to a person’s health history, according to Canada’s interim privacy commissioner Chantal Bernier.

An investigation by her office backed up a man’s complaints that he was seeing so-called behavioural advertisements based on his web browsing history. After searching for information about devices to treat sleep apnea, he began to see ads for those devices as he browsed the web.

While behavioural advertising is not illegal, Canada’s privacy law does not allow consumers to be targeted based on “sensitive personal information,” including their health.

Google’s privacy policy outlaws displaying advertisements based on race, religion, sexual orientation or health. But the Mountain View, Calif.-based company acknowledged that some advertisers using its ad-serving platform were not following the policy.

Read more here

LivingSocial cyber attack affects millions of customers

SAN FRANCISCO – LivingSocial, the second-largest daily deal company behind Groupon Inc, said on Friday it was hit by a cyber attack that may have affected more than 50 million customers.

The attack hit customers in the United States, Canada, the U.K., Ireland, Australia, New Zealand, Malaysia, Southern Europe and Latin America.

The company said the attack on its computer systems resulted in unauthorized access to customer data, including names, email addresses, date of birth for some users and “encrypted” passwords.

Read more here

Canadian Small and Medium Business Data Remains Vulnerable to Attack

PTGi (Primus Telecommunications Group Inc.) announced today that according to a recent survey of small and medium business owners and IT decision makers, Canadian businesses are leaving themselves increasingly vulnerable to the loss of data and the potential for a privacy breach despite a series of high-profile incidents in which confidential information on company servers has been compromised.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.