Although they’re taking the threat of Web security breaches seriously, few of Canada’s C-level executives are worried about becoming the target of an attack anytime soon, according to the results of a national survey.
The results were made public at a security seminar hosted by IT World Canada Inc. (owner of ComputerWorld Canada) held in Toronto recently.
Sixty-one per cent of respondents said Internet security ranks among their top five concerns, and nearly three-quarters said they’re investing more money in security products now compared to 18 months ago.
But the poll of 150 Canadian business leaders, commissioned by Symantec Corp. and the Royal Canadian Mounted Police (RCMP), also found that few are equating those theoretical risks with day-to-day business. “A lot of organizations did not feel they were at a high risk (of attack),” said Andrew Bisson, director of planning and market analysis with Branham Group Inc., the Ottawa-based market research firm that conducted the study.
In February, Symantec revealed that companies worldwide averaged 30 attacks per week over a six-month period.
The survey also contradicted popular wisdom that companies fearful of what could happen to their reputations tend to keep their security breaches a closely guarded secret. It found that half of those polled – nearly 60 per cent of whom are CEOs – would have no problem admitting to a breach. Of those, 86 per cent said they would report a future breach to authorities.
Of the 50 per cent, 17 per cent admitted to past breaches.
Luc Filion, officer in charge of the RCMP’s technical security branch, said he encourages companies to report security breaches regardless of their intentions.
“They should report the crime,” he said. “If they’re afraid of bad publicity, that (should be mentioned) in the initial dealings.”
“[The RCMP] will be more than happy to investigate anyway,” Filion added.
Respondents said firewalls, antivirus software and security standards made up the bulk of their security purchases. But Michael Murphy, general manager of Symantec in Canada, said a more “integrated” approach to security requires companies to move beyond those basics, into areas such as as intrusion detection and methodical security training.
Among the survey’s other findings:
– Respondents were almost evenly split as to whether they felt just as or more concerned about security compared to 18 months ago.
– The top three security threats were identified as malicious hackers, unauthorized access to sensitive information, and viruses.