The Cyber Security Readiness of Canadian Organizationsresults of the 2017 scalar security study

We surveyed 658 IT and IT security practitioners in Canada with a goal of learning:

Strategies to achieve a stronger cyber security posture How Canadian organizations are responding to growing cyber security threats How much cyber security threats are costing Canadian organizations on an annual basis What technology and methods respondents are using to improve their chances of winning the cyber security war

What you need to know about the current trends in the cyber security

landscape in Canada today.

Canadianorganizationsfaced approximately

44 cyber attacks in the last 12 months.

Canadians are losing the war

on cyber security. Only

34% believe they are winning.

Web-borne malware attacks arethe most frequent type of incidents

that organizations are seeing in their IT networks.

Similar to last year, mobile devices and third party applications are the

most targeted platforms.

The cost of abreach is increasing. On average, organizations

spent 7.2MILLION* in 2016 on cyber security compromises. *compared to $7M in 2015

The Canadian threat landscape is on the rise, so we continue to ask whether organizations are spending enough of

their IT budget on security.

Organizations seem to be making investments in gaining better visibility and control over their IT environments,

including breach response retainers, SIEM, and threat intelligence, however,

no technology is infallible.

Insider threats are on the rise.

44% of respondents say their organizations are not

monitoring individuals who have access to sensitive files and information.

Insider threats are becoming much more prevalent. While the most

likely attacks continue to be criminal syndicates and lone wolf hackers, for

the first time, insider threats were ranked higher than corporate espionage.

Organizations have difficulty preventing cyber attacks from evading intrusion detection (IDS) and anti-virus

(AV) systems.

79% of respondents say their organization’s AV or IDS systems failed to prevent cyber attacks.

For the first time, we asked respondents about their experience

with ransomware.

35% of organizations report having had employees

targeted by ransomware. Only 21% reported the incident to law enforcement.

46% of respondents say their organization experienced a DDoS attack that caused a disruption to business operations and/or system downtime.

So what exactly is the benefit of being considered a high performing

organization?

We’ve concluded that high performing organizations are more likely to

recognize the evolving state of cyber threat in Canada, but also align their

strategy for mitigating these risks to the overall business goals and objectives.

Even though they have a greater

awareness of the cyber security threat landscape,

only 37% of high performing organizations believe

they are winning the war on cyber security.

Here are our final recommendations...

¡Invest in technologies and systems that will reduce growing insider threat, including identifying vulnerabilities through risk assessments and audits¡Recruit individuals with hands-on experience to help lead the organization’s cyber security team¡Engage in threat sharing intelligence to increase the ability to proactively deal with the sophistication and severity of cyber threats¡APT-related incidents are on the rise, this should influence IT security planning by including effective strategies to protect vulnerabilities via the web, email, and endpoints

Interested in learning more?

Download the full study at:scalar.ca/scalar-security-study-2017/