1 in 4 Canadian organizations say they faced COVID-19 themed cyberattacks: report

Three in 10 organizations have reported a spike in attacks since the pandemic started

A quarter of Canadian organizations have been targeted by COVID-19 themed cyberattacks, according to the Canadian Internet Registration Authority’s (CIRA) latest report.

Examples of COVID-19 themed cyberattacks include fake contact tracing apps and COVID-19 test results phishing campaigns.

CIRA surveyed more than 500 Canadian IT security decision-makers to learn more about how they’re dealing with the increase in cyberattacks for its annual cybersecurity report.

The report found that three in 10 organizations reported a spike in attacks since the pandemic started, and just over half of organizations have implemented new cybersecurity protections in response to the pandemic.

Further, one-quarter of organizations experienced a breach of customer or employee data in the last year, while another 38 percent said they didn’t know if they did or not.

Interestingly, the report revealed that organizations are less likely to inform a regulatory body of a data breach, with only 36 percent doing so in 2020 compared to 58 percent in 2019.

“Organizations are beginning to show compliance fatigue, as more report being aware of recent changes to the Personal Information Protection and Electronic Documents Act (PIPEDA), yet they are less likely to report data breaches than last year,” the report reads.

Despite the increase in cyberattacks, the report found that fewer organizations expect to increase human resources dedicated to cybersecurity in the next 12 months, with one-third planning to do so, down from 45 percent in 2019.

The report also notes that seven in 10 people surveyed stated that they are concerned with data flow through other countries other than Canada.

“Our research shows that COVID-19 has fundamentally transformed cybersecurity. The threat landscape has changed, but, most importantly, the pandemic has created an environment of anxiety and uncertainty that cyber-thieves are exploiting. Now more than ever, cybersecurity is an issue no organization can ignore,” said Jacques Latour, the chief security officer at CIRA, in the report.

CIRA notes that private sector organizations represented 65 percent of the survey sample, while public or not-for-profit organizations made up 35 percent.

Image credit: CIRA

Source: CIRA