Many Canadian companies are unprepared to deal with cybersecurity attacks against new and expanding computer technologies such as cloud-based computing, a new study says.

The poll, sponsored by computer technology firm Cisco Canada and released Tuesday, found that only 40 per cent of about 500 firms surveyed had security strategies that take into account new technology such as the “Internet of things,” where a wide range of everyday objects are connected together in networks.

The smallest firms were the least prepared, the study shows. Less than ten per cent of businesses with one to nine employees reported any preparation for threats to new technologies, and just 35 per cent of firms with ten to 99 employees have a strategy in place.

Those small and medium companies need to catch up and become more aware of data threats involving new technologies, said Ahmed Etman, general manager of cybersecurity for Cisco Canada. Still, he added, “there is a lot that needs to be done and it is the same with every organization, no matter what the size is. Everyone needs help.”

The confusion amongst corporations is underlined by the finding that almost one in 10 of those firms surveyed don’t even know if they have experienced a security attack or breach of their network in the last year, Mr. Etman said.

Twenty-one per cent of companies surveyed said they have had a data breach in the last year, and 70 per cent said they have not been attacked.

Mr. Etman said there is evidence most information stolen during a security breach is removed in the first few hours, underlining how important it is to detect a problem quickly. “In many cases people cannot tell whether they are compromised or not,” he said. “But the faster you know you are breached, the better position you are in to recover.”

A key concern, the Cisco survey noted, is that many Canadian companies – especially smaller ones – have not yet organized their computer systems to protect company data that can be accessed on smart phones and other employee-owned devices.

About 39 per cent of companies said they do not have processes in place to protect company data on employee-owned devices. Close to 50 per cent of small companies – those with nine or fewer employees – say they have yet to deal with this issue.

Almost one-third of larger companies with more than 1,000 employees are in that position.

The Cisco survey also polled 1,272 employees, and they indicated significant confusion over the use of personal devices. Almost half of those surveyed said they are allowed to bring and use their own devices on the corporate network, but 24 per cent said they use their own device for work even when they know it is not allowed. Another 11 per cent use their own devices, but don’t know if that is allowed or not. “This obviously indicates a gap in education and awareness” around security issues, Mr. Etman said.

RICHARD BLACKWELL
The Globe and Mail
Published Tuesday, Dec. 02 2014, 5:00 AM EST
Last updated Tuesday, Dec. 02 2014, 5:00 AM EST