Just over half of the Canadian organizations surveyed that were affected by ransomware or malware have paid the amounts demanded by cybercriminals.
This is one of the findings of a survey of 491 medium and large companies, made public this morning and carried out last October for the Quebec computer services firm NoviPro.
Respondents included 288 IT decision makers, 97 decision makers who are not in IT, 81 decision makers who are not administrators or IT professionals, and 25 NoviPro customers.
Among the companies that paid a ransom, one in three retained the services of a negotiator, while 23% proceeded without the help of an intermediary.
“As an entrepreneur, I am very concerned that so many organizations are paying ransom,” Yves Paquette, co-founder and CEO of NoviPro, said in a statement. “Companies must be proactive in preventing cyberattacks or the impact will be devastating for them and their customers. If organizations invested even a fraction of the potential cost of an attack, they could easily put systems in place to guard against such fraud. In the physical world you would employ a detachment of guards to protect something with a seven digit value, however, there always seems to be a disconnect when the ‘something’ is numerical.”
Among other findings:
- respondents attributed 66% of cyberattacks to what the report summarizes as “internal sources,” including employees and partners. 31% of attacks were attributed to a “malicious internal source”, 22% to an unintentional internal source and 13% to partners, suppliers or customers. 27% of attacks were attributed to an external source not related to the company;
- 43% of respondents said they were increasingly concerned about cyberattacks since the introduction of the hybrid working model. The percentage of companies that revised their security practices in response to the pandemic fell slightly last year compared to 2020 (76% versus 81%);
- 28% of respondents estimated the cost of a cyber attack on their business to be less than $50,000. The same number estimated the cost to be between $50,000 and $250,000. 25% of respondents estimated the cost to be over $500,000;
- only 43% of respondents said they reported a data breach to customers.
This was the sixth edition of the pan-Canadian study examining IT trends and the state of technology in large and medium-sized Canadian businesses, including AI and cybersecurity investment plans, perception of infrastructure, the ‘great quit’ and cloud computing.
In an interview, Paquette said that if organizations put 10% of what they paid in ransom toward improving cybersecurity, they would reduce their chances of being victimized. And they don’t necessarily have to spend big on hardware and software, he added. Sometimes all it takes is reviewing and updating the company’s cybersecurity practices. Increasing employee cybersecurity training is also relatively inexpensive. What is vital, he says, is that e-learning is regular. It is also essential that this is part of the onboarding process for new employees. Having an up-to-date inventory of all company data so IT and management know what needs to be protected is also relatively inexpensive, he added.
Finally, it is inexpensive to ensure that only staff members who need privileged access to data have it, he said.
The full survey results are available here. Registration is mandatory.