Think your business is too small or unimportant for cybercriminals to take notice? You may want to think again.
Data released Tuesday by CDW Canada, a technology vendor, suggests almost one in five Canadian businesses was victimized by online crime within the past year, with 38 per cent viewing cybercrime as a major concern. A further 32 per cent blamed security breaches on inadequately trained employees.
Calling IT security “clearly a major issue for Canadian organizations,” CDW Canada Director of Marketing Daniel Reio said in a statement that the problem is only getting worse. “A large number of companies have experienced cyberattacks in the past year and as firms become more mobile, they increase the number of devices and data validation points they need to manage, heightening their risks.”
The costs add up
The survey results serve up numeric proof that cybercrime is a growing drag on the Canadian economy, and businesses in all sectors are paying heavily for thinking it can’t or won’t happen to them. The business impact reflects similarly alarming data on the consumer side, with increasing numbers of Canadians falling victim to unseen criminals.
Symantec’s 2013 Norton Report further confirms the risks of cybercrime, as total losses in Canada more than doubled to $3 billion over the previous year. Over two-thirds of Canadians - 68 per cent – said they had been victimized by cybercrime at some point in their life, with 42 per cent saying they’d been compromised within the past year. Average cost per victim soared 50 per cent within the same period.
We’re hardly alone. Figures released last month by the Washington, D.C.-based Center for Strategic & International Studies (CSIS) suggest cybercrime now costs the global economy over $400 billion per year – between 13 and 20 per cent of an overall Internet economy that generates an estimated US$2 trillion to $3 trillion annually. The report says 0.64 per cent of U.S. GDP is lost to cybercrime, while Germany is taking a 1.60 per cent hit. Canadian cybercrime costs of 0.17 per cent seem to suggest we’re getting off easy, but CSIS says we’re undercounting the prevalence and severity of online criminal activity.
Security spending inches up
In response to the threat, research firm Gartner says companies are starting to spend more on security. About 39 per cent of respondents to its 2013 Global Risk Management Survey said security was given more than 7 per cent of the total IT budget, up from 23 per cent in 2011. A BAE Systems Applied Intelligence report says 54 per cent of Canadian businesses will increase their cybersecurity spending in response to a spate of high-profile attacks on retailers including Target and Neiman Marcus. This compares to 60 per cent of U.S. businesses and 64 per cent of Australian respondents.
Unfortunately, the distribution isn’t as evenly distributed as it should be. Smaller businesses often feel they don’t present a juicy enough target to cybercriminals. Unlike enterprise-class businesses that have access to larger budgets, dedicated staff and institutional expertise, smaller organizations tend to use their relative lack of security- or technology-centric resources as a convenient excuse for not doing more to stay safe.
That attitude may have worked in the pre-online days when criminals went after specific companies, but the growing reliance of cybercriminals on fast-evolving forms of malware, scripts, bots and other automated tools means no one, even the smallest, most seemingly inconsequential organization or system, is immune. Socially-engineered phishing and drive-by attacks and the growing use of employee-owned mobile devices make an already-challenging security puzzle even more difficult to manage.
Thanks to ruthlessly efficient technology, cybercriminals are casting ever-widening nets that victimize those who are least prepared.
Carmi Levy is a London, Ont.-based independent technology analyst and journalist. The opinions expressed are his own. firstname.lastname@example.org