Companies Recognize Cyber Threats but are Unwilling to Spend Enough on Protection
A recent survey of Canadian companies conducted by Ovum found that most expect cyber attacks to become a major threat within the next few years, but fewer than half are willing to budget for adequate protection.
76 percent of surveyed companies admit that there will be an increase in data breach attempts. But only 46 percent are planning to upgrade their security to deal with the threat.
Kevin Deveau, vice president of Fair, Isaac, and Company commissioned the poll. He is an expert in the data analytics field. He said he was taken aback that there were so few firms interested in improving their security, even after admitting that security threats will soon surge.
Ryan Wilson is the chief technology officer at Scalar Decisions, which is also a cyber security company. He says that there are only a few companies that are prepared against the rising internet threats and breaches. He admitted that these threats are becoming more difficult to detect and sophisticated.
The report of the Ovum came just after the WannaCrypt cyber attack which took down thousands of systems around the globe.
Wannacrypt was a cross between the ransomware and virus. It locks the computer until the user of that system does not transfer the money to the criminal in terms of bitcoins. This attack hit more than 100,000 organizations of the world but there were few cases in Canada.
Atefeh Mashatan, the business professor at Ryerson University, revealed that Canada has one compromised machine for every 13,138 people. This made up to 2,740 machines altogether. He said that it was not known how much of them belonged to business firms and how much belonged to the organizations.
Also Check: Data Loss Prevention
According to Wilson, the Virus took advantage of the weakness in the networks. These networks were mostly unpatched and not updated at all. Stephen Cobb said that it is an alarm for the users to wake up. Stephen Cobb is the security researcher for anti-virus company ESET. He also told us that the patch was available even before the attack was formulated and it was open source for everyone. Some people chose to ignore it and had to bear the consequences.
The cyber attack was spread by email and even a basic training against these threats would do the work of prevention for the users. Wilson advises to stay up to date with your system network to avoid such threats in the future.
He also informed that the company designates every Tuesday as patch Tuesday but most of the companies do not go with this pace. Similarly, building a cyber security protocol for every system is one heck of a work of coordination.
Mashtan said that IT would need fund to update the software overnight but it could not do so without any funds at all. IT experts have agreed on training, patching and updating the network as the measure to remain protected all the time but there are the resources that are required, which is not available every time.
Wilson in one of his observations noted that the best firms spend around 11 to 14 percent of their budget for fighting against the cyber security threat. Sadly, the Canadian average is under the 7 percent. It has raised concern as the cyber attacks are becoming more and more dangerous than before. It was in 2016 that a cyber attack would cost $6.8 million but now in 2017, the cyber attack would cost around $7.2 million. It is most likely to increase in coming years.
In a report in which companies were served anonymously, there came the result that showed that around 35 percent of the companies admitted that they were the victims of the cyber attacks. This survey was taken by the Scalar.
Manhattan agreed that it was hard to convince the management about the increasing cyber threat but after the attack of ransomware, many managements have opened their eyes and they have understood that prevention is better than cure. Following this, structural changes within the company should be held to make sure the ample oversight.
With more and more advanced cyber threats releasing to damage systems and take out the money from their pockets, companies, especially Canadian companies, should start taking the cyber security risk with the same level as they take a financial risk.