As many as 60 per cent of Canadian businesses do not have a security strategy or and unsure how to prepare their networks for potential cyber attacks, according to a recent report from network gear vendor Cisco.
Cisco commissioned analyst firm IDC Canada to conduct two online surveys of 2,000 Canadians and 498 Canadian organizations across different sectors and business sizes through August and September this year to determine the security posture of local businesses.
The respondents were asked about security policies, practices and recent cyber attacks at their business. Respondents were also queried about their security preparedness for new IT consumption models such as mobile and cloud-based applications.
Cisco said the findings indicate that many Canadian businesses operate without any security strategy for their networks and are “woefully unprepared” to take advantage of opportunities and benefits created by trends technologies associated with the Internet of Things.
Among the key findings were:
- 6 out of 10 businesses either do not have a security strategy in place, and/or are unsure whether their security strategy accounts for an evolving data centre and IT consumption model, or do not have a strategy to prepare for these changes.
- Nearly one in 10 (8 per cent) of Canadian businesses overall are still unsure whether they experienced a security threat, attack or breach on their network in the last 12 months.
- 15 per centof Canadianbusinesses still do not have a security strategy in place.
- 1 in 5 (22 per cent) Canadian businesses report they have experienced a threat, attack or breach in the last 12 months.
- Canadian businesses with less than 100 employees are the most likely to not have a security strategy (26 per cent), while mid-sized businesses are the least likely to have a strategy in place for changing IT consumption models (25 per cent).
- One in three (31 per cent) of Canada’s largest companies are unsure whether their IT security strategy accounts for evolving data centre and IT consumption models.
“It’s concerning to see such overall confusion about security today, especially given all the new connections between people, processes, data, and things, but the good news is Canadian businesses have the right knowledge to make changes to their current predicament, and realize the value of the Internet of Everything,” Ahmed Etman, general manager of cyber security, Cisco Canada. “Our findings indicate 95 per cent of Canadian businesses know whether or not they protect company data on employee-owned devices. The challenge now becomes changing security practices so they have the right level of protection for our connected world.”
The survey also found Canadian businesses are deficient in providing security associated with bring-your-own-device practices:
- Less than 60 per cent of Canadian businesses have IT solutions in place to protect company data on employee-owned devices.
- Nearly a quarter (24 per cent) of employed Canadians use a personal device for work despite being employed by a company that does not allow this practice. Another 11 per cent do so without knowing if it is allowed by their employer or not.
- The Canadian businesses most prepared to protect company data on employee-owned devices are those with more than 1000 employees (64 per cent). Those least prepared are businesses with less than 100 employees (44 per cent).
- Almost half (48 per cent) of employed Canadians believe they are allowed to bring and use personal devices on the corporate network, while 57 per cent of Canadian businesses believe they have IT solutions in place to protect data on employee-devices.
“What is troubling for Canadian businesses is that these results only represent known breaches and attacks, so it brings up the possibility that small, mid-size and even public sector organizations are actually experiencing more breaches and attacks than enterprises, but they are less aware,” said Warren Shiau, buyer behaviour research practice, IDC Canada.