One-third of Canadian firms had a ‘substantial’ cyber attack: Report

How secure Canadian companies feel about their IT security is a source of constant debate: Surveys range from confident to apprehensive, and it often depends on whether there’s been a recent large scale network intrusion.

The latest is a global survey of IT security practitioners from security vendor Websense that included 5,000 respondents from 14 countries including Canada, the U.S., France, the U.K., China and India. It has some sobering results.

Just over one-third of the Canadian companies that participated said they had experienced one or more “substantial” cyber attacks in the previous 12 months that infiltrated networks or enterprise systems. By comparison 44 per cent of all respondents said they had suffered a substantial attack.

More than half of the 236 Canadian respondents (56 per cent) believe cybersecurity threats sometimes fall through the cracks of their companies’ existing security systems.

Only 29 percent of Canadian respondents could say with certainty that their organization lost sensitive or confidential information as a result of a cyber attack. Twenty-seven per cent of those who had lost sensitive or confidential information did not know exactly what data had been stolen.

Among the other findings:

–Fifty-six per cent of Canadian respondents didn’t think their organization was protected from advanced cyber attacks; 59 per cent doubted they could stop the exit of confidential information;

–Forty-seven per cent of respondents said their companies don’t have adequate intelligence or are unsure about attempted attacks and their impact;

–Less than half (43 per cent) believe they have a good understanding about the cyber threats facing their organization;

— 39 per cent said their security solutions do not inform them or they are unsure if their solution can inform them about the root causes of an attack;

–Seventy-seven per cent of Canadian respondents say their company’s leaders do not equate losing confidential data with a potential loss of revenue.

Jeff Debrosse,Websense’s director of security research, said in an interview the survey suggests IT professionals in 14 countries believe they don’t have the resources to fight cyber attacks. Overall, 66 per cent of respondents feel threats can fall through the cracks in their organizations’ defences. That means, he said that the 44 per cent who apparently think things are fine could represent a false sense of security.

“Everyone’s got security challenges,” he said, and eventually an attacker will get through. That’s why layered defences are important.

The problem with surveys like this is sometimes they have conflicting answers. For example, 47 per cent of Canadian respondents said their companies don’t have adequate ITsecurity intelligence or are unsure about attempted attacks and their impact. Yet 43 per cent believe they have a good understanding about the cyber threats facing their organization.

Debrosse said that could mean respondents have doubts about their company’s security platform, but are confident about their own security knowledge level.

Given the regularity of attack disclosures, it’s logical that many IT pros are insecure. Debrosse agreed, saying some think that because we’ve been struggling with hackers for over a decade IT should be really good at defense. But it’s a fluid situation, he said, with attackers moving “incredibly swiftly.”

Among Websense’s recommendations

–organizations should deploy an all-encompassing defense strategy that incorporates web, email and mobile channels – and don’t focus on just one;

–assess security solution capabilities and deployments against a comprehensive kill-chain model to eliminate gaps and minimize excessive overlap;

–educate staff on the seriousness of cyber attacks to reduce high risk behavior.

“Some people tell me it’s a losing war,” Debrosse added. “I don’t subscribe to that” – because if we do, he added, “then the attackers have gained a foothold.”

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now