Trend Micro has released their biannual Cyber Risk Index. The report finds that Canada has a moderate cyber risk level of 0.16 compared to the rest of North America (-0.01) and globally (-0.04), both of which have an elevated risk level.
The survey gathered information relating to compliance with security policies and investment in security technologies such as machine learning, automation, orchestration, analytics and artificial intelligence tools. The report also explores whether the IT security leader (CISO) within the organisation has sufficient authority and resources to achieve a strong security posture.
The Cyber Risk Index is based on a numerical scale of -10 to 10 (with -10 representing the highest level of risk) and measures organizations’ readiness to respond to different types of cyberattacks.
The research also highlights that Canada is more prepared to handle cyber risk than North America as a whole (a score of 5.41 compared with 5.35).
However, despite Canada’s good standing, the report found that nearly three-quarters (74 percent) of Canadian organizations think they will be breached in the next 12 months, with 30 percent claiming this is “very likely” to happen.
The concern about potential cyberattacks is borne out by the realities of such an event happening. In this context, the report finds that 83 percent of organizations claimed to have suffered one or more successful cyberattacks in the past 12 months. More alarmingly, 32 percent say they have experienced seven or more attacks.
In terms of specific risk threats, Canadian organizations appear to be most worried about security risks in relation to mobile/remote employees (at 76 percent), third-party applications (raised by 72 percent of respondents), and mobile/smart phone devices (cited by 66 percent).
For the threat horizon for 2022 and 2023, ransomware, phishing, social engineering, denial of service (DoS) and botnets top the list of cyber threats for organizations over the next 12 months.
DoS refers to an attack aimed at shutting down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic or sending it information that triggers a crash.
It is also worth noting that the highest levels of risk within organizations were around compliance with security policies and the availability of resources to achieve a strong security posture.
Typically, IT Security compliance aims to create systems that protect the privacy of customer data and block costly data breaches.