This plot shows various cyber security measures enterprises have in place, by industry and size of enterprise. Source: StatsCan
- Anti-malware software: 75.8%
- Email Security: 75.4%
- Network Security: 68.8%
Enterprise measures details:
- Point-of-sale security includes encryption of cardholder data.
- Hardware and asset management means taking inventory of IT equipment and using encrypted USB storage devices.
- Identity and access management pertains to password complexity rules and restrictions based on user accounts.
- Physical access controls means restricting access with keypad access control systems and identity badges.
- Software and application security deals with whitelisting URLs and scheduled patching.
- Data protection and control involves encryption and rights management.
Cyber security measures
Network Security includes:
- Firewalls: Control network traffic, blocking unauthorized access.
- Intrusion Detection/Prevention Systems (IDS/IPS): Monitor network activity for malicious patterns and proactively block attacks.
- Virtual Private Networks (VPNs): Securely connect remote employees to the company network.
- Network Segmentation: Divides the network into smaller, isolated segments to limit the impact of potential breaches.
Endpoint Security:
- Antivirus/Anti-malware Software: Detects and removes malware from devices.
- Endpoint Detection and Response (EDR): Monitors endpoint activity for suspicious behavior and responds to threats in real-time.
- Data Loss Prevention (DLP): Prevents sensitive data from leaving the organization’s network.
Identity and Access Management (IAM):
- Strong Authentication: Implements multi-factor authentication (MFA) to enhance login security.
- Least Privilege Principle: Grants users only the necessary access to perform their job duties.
- Role-Based Access Control (RBAC): Defines access permissions based on an individual’s role within the organization.
Data Security:
- Data Encryption: Encrypts sensitive data both in transit and at rest to protect it from unauthorized access.
- Data Backup and Recovery: Regular backups of critical data ensure business continuity in case of a data breach or disaster.
Regular Security Audits and Assessments:
- Conducts regular security assessments to identify and address vulnerabilities, and ensures compliance with industry standards and regulations.
Enterprises by industry targeted by cyber crime (2023)
Sector                                            Percent
------------------------------------------------  -------
Finance and insurance                             25.5
Information and cultural industries               24.7
Mining, quarrying, and oil and gas extraction     21.3
Professional, scientific and technical services   21.1
Wholesale trade                                   20.9
Manufacturing                                     19.2
Real estate and rental and leasing                18.8
Transportation and warehousing                    16.7
Private sector                                    16.1
Utilities                                         16.0
waste management and remediation services         15.7
Educational services                              15.6
Management of companies and enterprises           15.4
Accommodation and food services                   15.4
Retail trade                                      14.2
Other services (except public administration)     13.3
Construction                                      12.6
Health care and social assistance                 12.2
Agriculture, forestry, fishing and hunting        9.7
Arts, entertainment and recreation                9.5
The table shows that finance and insurance is the most targeted industry in Canada. The rationale for that is:
- Financial Data: These sectors handle vast amounts of sensitive financial data, including personal information, credit card numbers, bank account details, and investment portfolios. This data is highly valuable on the black market for identity theft, fraud, and other illicit activities.
- Large Financial Resources: Financial institutions typically have significant financial reserves, making them attractive targets for ransomware attacks where cybercriminals demand large sums of money for data recovery.
- High Potential Payoff: Successful cyberattacks against financial institutions can yield significant financial gains for cybercriminals.
- Relatively Low Risk: With sophisticated techniques like social engineering and phishing, cybercriminals can often gain initial access without being easily detected.
Reporting of cyber security incidents to a police service by industry and size of enterprise (2023)
The plot shows that the real estate, rental and leasing industry had the most cyber crime incidents reported in 2023. Cyber criminals target the real estate industry because of the personal information it handles, stores and uses in its daily processes, such as financial data, social insurance/security numbers, home addresses and employment history.
Financial transaction data is prized by cyber criminals because it can be used to make fraudulent purchases.
Impact of Breaches:
- Financial Losses: Data breaches can lead to significant financial losses due to fraud, legal fees, and reputational damage.
- Loss of Client Trust: A data breach can severely damage a real estate company’s reputation and erode client trust, impacting future business.
Main reasons enterprises spend time or money on cyber security, by industry and size of enterprise:
- Protect personal information (employees, suppliers, customers or partners): 65.1
- Prevent fraud and theft: 36.5
- Allow employees to work remotely securely: 28.9
The Canadian Survey of Cyber Security and Cybercrime (CSCSC) had a final sample size of 12,462 enterprises, with a response rate of 65%.
Businesses' awareness of the importance of cyber security measures does not extend much beyond protecting company employee personal data, followed by preventing fraud and theft. Clearly, businesses in Canada need further engagement and a financial business rationale for the spending.