2017 scalar security study summary
TRANSCRIPT
The Cyber Security Readiness of Canadian Organizationsresults of the 2017 scalar security study
We surveyed 658 IT and IT security practitioners in Canada with a goal of learning:
Strategies to achieve a stronger cyber security posture How Canadian organizations are responding to growing cyber security threats How much cyber security threats are costing Canadian organizations on an annual basis What technology and methods respondents are using to improve their chances of winning the cyber security war
What you need to know about the current trends in the cyber security
landscape in Canada today.
Canadianorganizationsfaced approximately
44 cyber attacks in the last 12 months.
Canadians are losing the war
on cyber security. Only
34% believe they are winning.
Web-borne malware attacks arethe most frequent type of incidents
that organizations are seeing in their IT networks.
Similar to last year, mobile devices and third party applications are the
most targeted platforms.
The cost of abreach is increasing. On average, organizations
spent 7.2MILLION* in 2016 on cyber security compromises. *compared to $7M in 2015
The Canadian threat landscape is on the rise, so we continue to ask whether organizations are spending enough of
their IT budget on security.
Organizations seem to be making investments in gaining better visibility and control over their IT environments,
including breach response retainers, SIEM, and threat intelligence, however,
no technology is infallible.
Insider threats are on the rise.
44% of respondents say their organizations are not
monitoring individuals who have access to sensitive files and information.
Insider threats are becoming much more prevalent. While the most
likely attacks continue to be criminal syndicates and lone wolf hackers, for
the first time, insider threats were ranked higher than corporate espionage.
Organizations have difficulty preventing cyber attacks from evading intrusion detection (IDS) and anti-virus
(AV) systems.
79% of respondents say their organization’s AV or IDS systems failed to prevent cyber attacks.
For the first time, we asked respondents about their experience
with ransomware.
35% of organizations report having had employees
targeted by ransomware. Only 21% reported the incident to law enforcement.
46% of respondents say their organization experienced a DDoS attack that caused a disruption to business operations and/or system downtime.
So what exactly is the benefit of being considered a high performing
organization?
We’ve concluded that high performing organizations are more likely to
recognize the evolving state of cyber threat in Canada, but also align their
strategy for mitigating these risks to the overall business goals and objectives.
Even though they have a greater
awareness of the cyber security threat landscape,
only 37% of high performing organizations believe
they are winning the war on cyber security.
Here are our final recommendations...
¡Invest in technologies and systems that will reduce growing insider threat, including identifying vulnerabilities through risk assessments and audits¡Recruit individuals with hands-on experience to help lead the organization’s cyber security team¡Engage in threat sharing intelligence to increase the ability to proactively deal with the sophistication and severity of cyber threats¡APT-related incidents are on the rise, this should influence IT security planning by including effective strategies to protect vulnerabilities via the web, email, and endpoints
Interested in learning more?
Download the full study at:scalar.ca/scalar-security-study-2017/