Monday, October 25, 2021

Many Canadian firms knuckle under to ransomware demands, survey suggests

Many Canadian organizations hit by ransomware feel they have no choice but to pay to either get stolen data back or to get their data decrypted, a new survey suggests.

The survey of 510 organizations released this morning by the Canadian Internet Registry Authority (CIRA), which oversees the .ca domain, found 17 per cent of respondents said they had been hit by ransomware.

Of that group, 69 per cent said their organization paid the ransom demands. Fifty-nine per cent said that data was exfiltrated in the attack.

Interestingly, nearly two-thirds (64 per cent) support legislation that would prohibit paying ransom demands. “Organizations may be paying extortion fees because they fear damage to their public image,” the report noted.

The report is part of CIRA’s annual Cybersecurity Survey of cybersecurity decision-makers and was released one day ahead of the authority’s participation in IT World Canada’s three-day MapleSEC virtual conference, which starts Tuesday.

Among other findings:

  • Nearly all (95 per cent) indicate that at least some of the new COVID-19-related cybersecurity protections adopted by respondents and their firms will be permanent;
  • Over one-third (36 per cent) indicate that the number of cyber attacks has increased during the pandemic, up from 29 per cent saying so this time last year;
  • Most organizations (93 per cent) conduct cybersecurity awareness training, and it is mandatory for employees at 43 per cent of organizations;
  • Most organizations in the survey create training material and promote it internally (61 per cent, up from 54 per cent in 2019). Forty-four per cent said they conduct phishing simulations. Forty-six per cent said they do training quarterly. However, 44 per cent said awareness training is only done once a year;
  • Six in 10 (59 per cent) organizations have cybersecurity insurance coverage as part of their business insurance. Three in 10 (29 per cent) have a cybersecurity-specific policy.
  • Most organizations with cybersecurity coverage say their provider has increased premiums or requested proof of the corporate cybersecurity measures in place.

“It feels like the pandemic forced 10 years of cybersecurity adoption to happen in about 10 weeks,” Mark Gaudet, CIRA’s general manager for cybersecurity and DNS services, said in releasing the survey. “The pivot to work-from-home and employees using their own devices really increased the number of security threats facing organizations, and the bad guys did everything they could to take advantage of the situation. But our survey shows that Canada’s security pros didn’t take it laying down. They got to work and implemented new policies, technologies, and security training boot camps for staff—protections they plan to keep in place long after the pandemic.”

 

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
