Canadian companies tend to be overconfident or unprepared to protect sensitive information from data breaches — mostly because they have an incomplete or inadequate picture about the evolving challenges they face.
A study conducted by Ovum for FICO — a California-based data analytics company that operates a global fraud detection system for banks, credit card companies and others — found 84 per cent of Canadian executives surveyed felt their organization was “better than average” or a “top performer.”
The report asserts this is an “unrealistic” scenario and Canadian organizations “should look at their ability to prove how good they are.”
“If you can’t measure whether you’re vulnerable or not, can you really say you’re covered,” FICO Canada vice-president Kevin Deveau said.
Ovum conducted telephone interviews with 500 senior IT executives in several countries.
This week, the owner of Swiss Chalet, Harvey’s, East Side Mario’s and other restaurants was the latest business to report that its operations had been disrupted by a malware virus.
Recipes Unlimited Corp. learned of the outbreak on Friday and said that as of Wednesday, a “small percentage” of restaurants were still impacted.
Spokeswoman Maureen Hart says there was no evidence that any data was compromised, or that the company was being held for ransom by hackers.
Cyber security strategist Eldon Sprickerhoff, founder of Toronto-based eSentire, said in an interview prior to the Recipe Unlimited crisis, that research has shown humans have a universal tendency to be too optimistic.
But Canadian companies also have a mistaken belief that they’re too small or insignificant to be a target — and therefore, they may be overconfident that they’re prepared, he said.
“If you’re not actively watching for attacks that are going on, it’s very difficult to be able to say you’re in a good space,” Sprickerhoff said.
The good news, from his perspective, is that more Canadian boards have begun to make cybersecurity a regular agenda item.
That’s at least partly because private-sector organizations will be required to report all leaks of personal information to the federal privacy commissioner starting Nov. 1, Sprickerhoff said.
David Masson, the Canada country manager for Darktrace — a cybersecurity software company headquartered in San Francisco and Cambridge, England — agreed that businesses are paying more attention because of increased regulation in various jurisdictions and general awareness of the risks.
Nevertheless, he said, most have inadequate knowledge of what they’re facing because “they’re missing proper visibility of their networks, they can’t really see what’s going on.”
Of the Fortune 500 very large companies that have done trials of Darktrace software, Masson said 85 per cent of the time “we find malware and malicious behaviour they had no idea was on their network. And when you’re outside the Fortune 500, that figure goes up to 95 per cent of the time.”