The Canadian cybersecurity landscape has traditionally been viewed in the context of the wider North American experience. While this may provide a rough approximation of what’s going on in Canada, it does not yield insights that reflect the unique market conditions and regulatory environment of this country.
As part of a wider initiative aimed at closing this information gap, the Canadian Internet Registration Authority (CIRA) launched its first Canadian Internet Security Survey in late 2017. This survey, in which CIRA tapped almost 2,000 Canadians who own at least one .CA domain registered to either a business or an institution, found that .CA domain owners are:
- Threat-aware: Seventy-seven per cent of personal domain owners and 68 per cent of small business respondents say they are either aware or very aware of the scope of the cyber threats they face today. Over 40 per cent of those with personal websites say they know someone who has been the victim of a virus or ransomware attack.
- Worried they’re next: Sixty-eight per cent of .CA domain owners and almost 80 per cent of small business domain owners are to some degree concerned that they are going to be victims of a cyberattack. This concern is not without basis: 10 per cent of small businesses websites have gone down at least once in the past two years due to cyberattack, with better than one in five larger companies falling victim to a DDoS attack within the past year.
- Proactive (or trying to be): Business owners say they are doing their best to ensure their network is protected, employing multiple security solutions, including but not limited to antivirus software, hardware- and software-based firewalls, and email encryption.
CIRA’s survey disabuses anyone of the notion that Canadian enterprises are flying under the radar of hackers. Understandably, companies are growing increasingly concerned, and as a result are investing more heavily in solutions that prevent bad actors from gaining a foothold. Unfortunately, as the evidence suggests, these extra efforts don’t stop the problem but only serve to keep one step ahead of the inevitable – and to mitigate the impact of a successful infiltration.
“Companies are using a lot of different security tools, antivirus, firewalls, and everything in between,” said Mark Gaudet, Product and Business Development Manager at the Canadian Internet Registration Authority (CIRA). “Despite that, one in five were hit with ransomware last year, with one third giving up data in phishing attacks. Clearly, something isn’t working.”
Although Gaudet recommends a layered cybersecurity strategy—where several tools and services complement each other—what is most important is what comprises the layers.
“The DNS layer is often overlooked,” he said. “It’s one security layer that many are not even looking at right now. However, more and more we’re seeing malware using DNS as a command-and-control channel to avoid detection. A well-designed DNS firewall solution like D-Zone DNS Firewall can effectively close that gap.”
CIRA’s Canadian Internet Security Survey provides information on:
- How respondents are using their domain name(s)
- Respondents’ level of awareness of cybersecurity threats
- Scale and breadth of cybersecurity threats
- Gap between cybersecurity awareness and personal protection
- Home security spending
- Increased impact and frequency of cyberattacks in Canada
- Frequency of DDoS attacks
- The value of defence in depth to Canadian companies
- Level of malware and phishing protection by blocking DNS-level queries
The Canadian Internet Registration Authority (CIRA) is a member-based not-for-profit organization, best known for managing the .CA internet domain on behalf of all Canadians, developing and implementing policies that support Canada’s internet community and representing the .CA registry internationally. In addition, we deliver cybersecurity services designed for Canadian organizations, including the new D-Zone DNS Firewall for protection from ransomware and other malware.