Within the past two years a Canadian organization quietly had to pay millions of dollars in fines to credit card companies after a data breach.
Few know that, which may be the reason why most Canadian IT pros don’t see the danger of their organization suffering a data breach, according to a Trustwave survey of 1,000 of them in the United States, the U.K. and Canada.
Sixty-eight per cent of respondents here think their organization’s customer data is safe from attack, the report shows. Interestingly, the same number in the U.S. think that too, despite the record numbers of intrusions reported last year. On the other hand, U.K. respondents are even cockier: 80 per cent think their firms are safe from threats.
At the same time Canadian respondents are more worried about intellectual property theft. Only 32 per cent of respondents think their organization’s IP is safe.
“We still seem to be lagging with respect to the level of threat that’s out there,” Brent Davidson, Trustwave Canada’s vice-president of sales, said in an interview.
“That surprises me. Compared to other geographies we still don’t seem to be taking security as seriously, putting a level of budgets against it.”
“I think a lot of it is the lack of breach notification laws in Canada, so organizations don’t hear about breaches. I think there’s an assumption that Canada isn’t getting hit as hard as the rest of the world. And I think that creates a false sense of security.
“On top of that people believe technologies like EMV (the credit card chip and PIN standard) are protecting us, maybe more than they actually are.” EMV prevents credit card fraud, he said, but not security breaches.
What will shake up the attitude of Canadian IT pros will be a very bad data loss, he agreed.
At Trustwave “we’re seeing breaches in Canada that the general public never hears of,” he said, including e-commerce sites, restaurants, the hospitality industry and coffee shops.
The biggest in the past two years were a “fairly large franchise restaurant organization that had a multiple location breach,” and a “hospitality organization” with multiple locations that had to pay “millions of dollars in fines” to credit card issuers for not having secure enough systems.
For customer confidentiality reasons he couldn’t give details.
Federal legislation mandating breach notification to customers and the Privacy Commissioner, Bill S-4, has passed the Senate and is now before the House of Commons.
Other combined survey results show that:
– 50 per cent of respondents from the three countries noticed a large increase in pressure from management last year to secure their organization. About the same number expect pressure to increase in 2015;
– 57 per cent of respondents said they had been pressured to unveil IT projects that were not security ready. Just over half of respondents said they felt the most pressure from owners, board and C-level executives;
– Among emerging technologies, 45 per cent of IT and security pros were most pressured to use or deploy the cloud in 2014;
– 61 per cent want the size of their IT security team doubled and 14 per cent want it quadrupled (or more than quadrupled).