Canadian corporations may need to step up their cybersecurity defences as these firms are suffering regular security breaches and often take a long time to detect these breaches, according to a recent survey from global consulting firm Accenture.
The average Canadian firm is suffering approximately three effective cyberattacks per month as roughly one in three targeted attacks results in an actual breach, the survey of security professionals at large companies in 15 countries, including Canada, finds.
The survey of 2,000 enterprise security practitioners, including 124 in Canada, found that "most Canadian companies do not have effective technology in place to monitor for cyberattacks and are focused on risks and outcomes that have not kept pace with the threat."
For example, the survey found that although survey participants say internal breaches have the greatest impact, 62% say that they're prioritizing their defences against external threats. Furthermore, Canadian organizations "continue to pursue the same countermeasures instead of investing in new and different security controls to mitigate threats."
Canadian companies are spending 7.3% of their annual IT budget on cybersecurity compared with the global average of 8.2%, Accenture's survey also found.
The survey also found that security breaches often take a long time for firms to discover. It notes that 52% of Canadian executives admit that it "takes months to detect sophisticated breaches, and as many as a third of all successful breaches are not discovered at all by the security team."
Despite this, the survey found that 52% of Canadian survey participants say they're confident in their ability to monitor for breaches; 48% are confident in their ability to minimize disruptions from these attacks; and just 29% say "they are competent in business-relevant threat monitoring."
"Cyberattacks are a constant operational reality across every industry today and our survey reveals that catching criminal behaviour requires more than the best practices and perspectives of the past," said Russell Thomas, Canadian cybersecurity lead for Accenture. "There needs to be a fundamentally different approach to security protection starting with identifying and prioritizing key company assets across the entire value chain."
Photo copyright: maxkabokov/123RF