If you read the latest Canadian Threat Report from Carbon Black, the Canadians have it bad… really bad. With increases across the board, Canadian organizations are needing to step up their security game.
Cybercriminals don’t care what country their victim is in, as long as there is money to be made. And Canada is no exception. So, security vendor Carbon Black surveyed 250 CIOs, CTOs, and CISOs to better understand what the cyberattack landscape looks like and what trends are being experienced.
According to the report, Canadian organizations have had it rough over the last 12 months:
- 76% reported an increase in attacks
- 10% an increase in attacks of more than 100% over the previous 12 months
- 81% reported attacks have become more sophisticated
- 83% report being breached
- The average number of breaches is 3.2
As nice as the Canadians are, they are not just sitting back and taking it. The report highlights a few responses to all of these attacks:
- 59% are actively threat hunting
- 85% anticipate an increase in security spending
According to the report, the number one cause of successful breaches was phishing. This should come as no surprise, as phishing as long been sitting at the top of the attack vector food chain. The use of phishing means Canadian organizations need to take some of that increased security budget and spend it in a way that will materially decrease the success of phishing attacks.
Employees are the weakest link in phishing attacks, being fooled by social engineering tactics, contextual details pulled from online intel-gathering, and a general lack of vigilance on the part of the employee. Organizations using Security Awareness Training along with phishing testing can elevate the employee’s understanding of why continual security awareness is necessary, what’s at stake, and how to protect themselves and the organization from phishing attacks that can result in malware infections, data breaches, and ransomware attacks.
The Canadians have realized they need to get serious about cyber security. Adding Security Awareness Training to their strategy needs to be a primary part of the strategy.