- 25% of Canadian IT decision-makers report they suffered a COVID-19-themed cyberattack
- IT teams from private and public sectors forced to create in-house policies and cybersecurity trainings for remote workers
- Only 36% of organizations have informed a regulatory body after suffering a data breach
More than 25% of Canadian IT workers say a COVID-19-themed security incident has targeted their organization during the ongoing pandemic, according to the Canadian Internet Registration Authority (CIRA) 2020 Cybersecurity Report.
The pandemic has created new challenges for IT decision-makers as it prompted a surge in the number of remote workers. According to the survey, 78% of IT employees in the public sector were forced to shift to a home-office environment, compared to 60% of private businesses' workers.
The change in scenery preceded a significant increase in cyber threats and attack vectors, with bad actors exploiting hard-to-secure environments and anxious workers.
Among other findings highlighted in the report, nearly 30% of organizations note an uptick in the volume of cyberattacks in the past year.
"From our own observations of the data we get from delivering CIRA Canadian Shield and CIRA DNS Firewall, we can say that these new threats aren't replacing the old ones but in fact, they are increasing the number of vectors that malicious actors are using to target organizations," the report said.
To address these threats, 94% of respondents said they conduct specific cybersecurity training, in areas such as safely using online teleconference platforms and spotting Coronavirus-themed cyber threats safely.
57% of respondents say they use materials created in house for their cybersecurity awareness trainings, with phishing simulations becoming a popular trend in 37% of cases.
When asked how often their organizations carry out cybersecurity training, 40% of respondents said they do it annually or less often, and 49% quarterly. Only 9% of respondents say they are commited to monthly employee training.
Despite the increased cybersecurity risks and high impact of attacks, only 43% of IT departments expect additional financial resources in the next 12 months, down from 54% that expected an increase last year, CIRA said.
The survey also underlines that organizations "are beginning to show compliance fatigue, as more report being aware of recent changes to the Personal Information Protection and Electronic Documents Act (PIPEDA), yet they are less likely to report data breaches than last year."
In 2020, only 36% of respondents informed the Privacy Commissioner's Office after experiencing a data breach, compared to 58% in 2019. Additionally, only 44% reported the incident to customers, down four percentage points from last year’s survey.