Do companies underestimate the risks of online piracy?
Pirates do not keep business leaders up at night: 86% of business decision makers believe their business is capable of dealing with computer attacks. This confidence amazes some security experts and stands in stark contrast to the actual frequency of attacks.
One-third of Canadian companies admitted to having already been victims of a ransomware attack, or a similar computer threat. This is one of the results of the 2018 Edition of the Portrait of IT Trends in Large-and Medium-Sized, a study carried out by Léger and NOVIPRO.
But even this attack rate probably underestimates the magnitude of the threat. Roger Ouellet, Solutions Designer and Security Practices Manager at NOVIPRO, believes that most companies ignore attacks that were unsuccessful or have yet to be discovered. "Many malware and viruses lie dormant, waiting for a specific date or action to trigger them," he explains. "When you monitor the traffic in a company's network closely, you almost always find a suspicious threat or behaviour."
Equifax, Yahoo, Uber: Several large companies have made headlines for their inability to protect their customers’ personal data. "The consequences are serious for users who are victims of these attacks." says Judge Cyrille Akhtar, Head of Security Management for the SITAONAIR company in Montreal, and a lecturer in cybersecurity at Polytechnique. "Hackers can access not only their password, surname, first name, date of birth or social insurance number, but also the security questions that are asked to change passwords. These questions are almost always the same from one service to another."
Nevertheless, most attacks against companies are not made public. They are most often aimed at extracting money from the company, including forcibly encrypting data and demanding a ransom to regain access.
More and more connected devices... more targets for hackers No company is safe, because more and more devices are connected to networks. "Ten or fifteen years ago, a corporate network would be spread over one or two servers, desktops and printers," recalls Roger Ouellet. "Today the network extends to include laptops, tablets and smartphones, as well as any other connected objects such as thermostats or videoconferencing systems. The network attack surface has increased considerably for pirates." Despite these threats, business decision makers in Canada remain confident: 86% say their business is well protected, with 40% reporting that they feel very well protected.
This reassurance comes as a surprise to Cyrille Aubergier. "There may be an excess of confidence on the part of Canadian companies," he says, "I notice that Canadian consumers seem less suspicious than Americans and Europeans about email phishing threats. These email threats are a serious danger to organizations, because many employees use their phones and laptops for both personal and professional communications. "
The usefulness of conducting regular audits Business decision-makers' confidence in their security contrasts with our survey results: less than 40% of businesses conducted a security audit in the past year. During the same period, only 38% carried out a succession test to check that they could resume their activities quickly after an attack or disaster.
Those numbers are too low, according to Roger Ouellet, of NOVIPRO. "I believe companies should do at least a security audit and a recovery test every year," he says. "They shouldn’t just rely on antivirus software updates to protect them... " Cyrille Akhtar, of SITAONAIR, also believes that companies should mobilize more resources to better protect themselves. "Company leaders rely heavily on security equipment and software solutions, but we must not forget the human factor: the threat also comes from reckless behaviour and a lack of vigilance. At the end of the day its humans, not machines, that can ensure security... ".
Some companies and their IT executives are nonetheless aware of security threats. As evidence, 44% of companies plan to carry out IT projects dedicated to safety over the next two years. Security was also the most commonly cited area for IT projects in the short term.
To view the complete study carried out by NOVIPRO and Léger, click here!