How secure Canadian companies feel about their IT security is a source of constant debate: Surveys range from confident to apprehensive, and it often depends on whether there’s been a recent large scale network intrusion.
The latest is a global survey of IT security practitioners from security vendor Websense that included 5,000 respondents from 14 countries including Canada, the U.S., France, the U.K., China and India. It has some sobering results.
Just over one-third of the Canadian companies that participated said they had experienced one or more “substantial” cyber attacks in the previous 12 months that infiltrated networks or enterprise systems. By comparison 44 per cent of all respondents said they had suffered a substantial attack.
More than half of the 236 Canadian respondents (56 per cent) believe cybersecurity threats sometimes fall through the cracks of their companies’ existing security systems.
Only 29 percent of Canadian respondents could say with certainty that their organization lost sensitive or confidential information as a result of a cyber attack. Twenty-seven per cent of those who had lost sensitive or confidential information did not know exactly what data had been stolen.
Among the other findings:
–Fifty-six per cent of Canadian respondents didn’t think their organization was protected from advanced cyber attacks; 59 per cent doubted they could stop the exit of confidential information;
–Forty-seven per cent of respondents said their companies don’t have adequate intelligence or are unsure about attempted attacks and their impact;
–Less than half (43 per cent) believe they have a good understanding about the cyber threats facing their organization;
— 39 per cent said their security solutions do not inform them or they are unsure if their solution can inform them about the root causes of an attack;
–Seventy-seven per cent of Canadian respondents say their company’s leaders do not equate losing confidential data with a potential loss of revenue.
Jeff Debrosse,Websense’s director of security research, said in an interview the survey suggests IT professionals in 14 countries believe they don’t have the resources to fight cyber attacks. Overall, 66 per cent of respondents feel threats can fall through the cracks in their organizations’ defences. That means, he said that the 44 per cent who apparently think things are fine could represent a false sense of security.
“Everyone’s got security challenges,” he said, and eventually an attacker will get through. That’s why layered defences are important.
The problem with surveys like this is sometimes they have conflicting answers. For example, 47 per cent of Canadian respondents said their companies don’t have adequate ITsecurity intelligence or are unsure about attempted attacks and their impact. Yet 43 per cent believe they have a good understanding about the cyber threats facing their organization.
Debrosse said that could mean respondents have doubts about their company’s security platform, but are confident about their own security knowledge level.
Given the regularity of attack disclosures, it’s logical that many IT pros are insecure. Debrosse agreed, saying some think that because we’ve been struggling with hackers for over a decade IT should be really good at defense. But it’s a fluid situation, he said, with attackers moving “incredibly swiftly.”
Among Websense’s recommendations
–organizations should deploy an all-encompassing defense strategy that incorporates web, email and mobile channels – and don’t focus on just one;
–assess security solution capabilities and deployments against a comprehensive kill-chain model to eliminate gaps and minimize excessive overlap;
–educate staff on the seriousness of cyber attacks to reduce high risk behavior.
“Some people tell me it’s a losing war,” Debrosse added. “I don’t subscribe to that” – because if we do, he added, “then the attackers have gained a foothold.”
The bot threat
Some of the most serious threats networks face today are "bots," remotely controlled robotic programs that strike in many different ways and deliver destructive payloads, self propagating to infect more and more systems and eventually forming a "botnet."