Almost a third of Canadian businesses unknowingly divulged sensitive information — including customer data — to phishing scams in 2017.
According to the first Canadian Internet Security Survey conducted by the Canadian Internet Registration Authority (CIRA), this can be traced to a large gap between cybersecurity awareness and personal protection.
“Cybersecurity, whether it be for your home, your business or your corporation, is a prominent subject across all sectors … but the education associated with that is not a one-stop shop. It’s a long, complex process,” said Dave Chiswell, VP of product development at CIRA said in an interview.
While all businesses face cybersecurity challenges as attacks grow more sophisticated, small businesses without the resources to invest in expensive precautions often leave themselves vulnerable to these attacks, Chiswell said.
The report states that 77 per cent of small businesses that own their own domain are concerned about becoming the victim of cybercrime, but 36 per cent of respondents surveyed are not currently investing any money in protecting against cybercrime.
“The vast majority of internet users are uneducated, so there’s lots of low-hanging fruit for bad people on the internet,” Chiswell explained.
According to the general manager of Symantec Canada, Ajay K. Sood, small businesses and individual consumers are “woefully outgunned” when it comes preventing online security breaches.
“It’s not a question of whether you can be breached, it’s a question of whether you’re interesting enough to be breached,” said Sood.
Sood adds that the growing complexity of cybercrime makes preventing these attacks especially difficult for small businesses with limited resources. The simplest attacks, such as email phishing scams, can have devastating consequences for small business owners and consumers who don’t know how to recognize them.
“Phishing is low tech, it’s just sending an email. But it’s also high crime,” Sood explained.
The CIRA report also goes on to state that awareness about cybercrime is growing, but this hasn’t been accompanied by a decrease in attacks as one might expect. Sood explained why increasing awareness is actually likely to be followed by an uptick in successful attacks.
“At the end of the day, as awareness grows of attacks and cybercriminals, the attack surface is also growing. The more people coming into technology, the greater attack surface you have,” he said.
While it’s become increasingly difficult to prevent a cyber attack, both Chiswell and Sood have suggestions for small business owners looking to increase their security.
Chiswell advised business owners to sign up with a security provider that’s well known and trusted. Sood on other hand urged Canadians to train themselves to recognize at least a handful of potential attacks.
For example, Sood explained that phishing emails usually promise users some extreme benefit for opening their email, such as a large sum of money or other reward, and warn of a detrimental consequence for ignoring it.
“Cyber has to be considered a general threat. What I’m really talking about s a culture change,” said Sood.