One in three IT security attacks seek financial gain, according to a survey of more than 600 Canadian IT professionals released by TELUS and the University of Toronto’s Rotman School of Management.
"After four years of study, we are noticing an alarming trend toward attacks that are becoming more targeted, focusing on specific individuals and their data for financial gain," said Yogen Appalraju, vice-president of TELUS security solutions. "These attacks are also reported less frequently, as they are much harder to detect and, ultimately, pose even greater risks. Organizations need to make continued, proactive investment in security to manage how breaches are evolving and the impact that they can have."
However, overall threats are down nearly 50 per cent from last year, to an average of 7.6 breaches per year compared to 14.6 in 2010. The top three breaches reported in 2011 were:
• viruses and malware (46 per cent)
• laptop or mobile hardware device theft (22 per cent)
• phishing or pharming (20 per cent).
Public organizations have surpassed government agencies in the annual number of breaches (18 breaches for public companies against 17.3 for government organizations). This may be attributed to improvements in detection capabilities and monitoring, which enable increased visibility into emerging platforms such as mobile devices, said the study.
In addition, insider breaches are on the decline, with 22 per cent of breaches caused by insiders compared to 25 per cent in 2010. However, government is alarmingly trending in the opposite direction. Insider breaches in the government sector have grown by 28 per cent since 2010 and 68 per cent since 2008.
IT complexity a concern for senior executives
Increased complexity of IT environments is a top concern of senior management because complexity hinders a security team's ability to manage risk effectively, said the study. The increased complexity stems in part from the emergence of new technologies, including mobile computing in the workplace:
• IT environments with a high degree of complexity reported 26 breaches last year, versus only three for simpler environments.
• 100 per cent of reported losses above $1 million happened in medium- (40 per cent) or high-complexity environments (60 per cent).
Forty per cent of respondents highlighted the loss of a mobile device with corporate data as their biggest concern. Laptop or mobile device losses and unauthorized access by employees are reported almost twice as frequently in government as in private companies, found the survey. Mobile technology and bring-your-own-device options are seen as both an opportunity and a threat by 80 per cent of government organizations, compared to 56 per cent of private employers and 64 per cent of public ones.
"With the increased adoption of WiFi-enabled devices such as smartphones and tablets, we find ourselves constantly trying to maintain control and implement new technologies designed to mitigate breaches," said Walid Hejazi, professor of business economics at Rotman. "It has become absolutely critical to monitor and enforce stronger controls and provide better education to employees at all levels to prevent attacks."
© Copyright Canadian HR Reporter, Thomson Reuters Canada Limited. All rights reserved.