Data breach attempts on Canadian organizations intensify

Phishing is an especially insidious danger, cyber-security firm warns

Data breach attempts on Canadian organizations intensify

More than eight out of 10 Canadian organizations suffered data security breaches over the past year, according to new research by cyber-security firm Carbon Black.

In its analysis, Carbon Black raised the alarm on the mounting cyber threats pressing upon organizations nationwide, especially financial institutions.

“Our first Canadian threat report indicates that organizations in Canada are under intense pressure from escalating cyberattacks,” Carbon Black chief cyber-security officer Tom Kellermann said. “The research indicates increases across the board in attack volume and sophistication, causing frequent breaches.”

Fully 83% of the Canadian organizations surveyed stated that they have experienced cyber breaches in the last 12 months alone, with an average of 3.42 breaches per organization.

Moreover, 76% of organizations said that they have seen an accelerated pace of attacks, and 81% stated that the attacks on them have become more sophisticated.

Carbon Black stressed phishing as a particularly insidious method. Approximately one in five successful breaches were found to stem from human error.

Fortunately, “an encouraging number of Canadian organizations (59%) are adopting threat hunting and seeing positive results. As threat hunting strategies start to mature, we hope to see fewer attacks making it to full breach status.”

Read more: Amid multiple cyber-threats, BMO to create financial crimes unit

Late last year, cyber-security firm Agari warned that a wire fraud group calling itself “London Blue” is aiming to mount data attacks on 50,000 financial executives worldwide, with majority of the targets being high officials in banks and mortgage lenders.

“Targets included companies in a very broad range of sectors, from small businesses to the largest multinational corporations,” Agari said, as quoted by CNN.

“Several of the world’s biggest banks each had dozens of executives listed,” it added. “The group also singled out mortgage companies for special attention, which would enable scams that steal real estate purchases or lease payments.”

Agari noted that much of the threat will come in the form of business email compromise campaigns: scam requests in the form of seemingly legitimate messages that will make the targets unwittingly transfer funds to the hackers.

“BEC fraud can be incredibly difficult to spot as these hackers will take the time to make their attempts as accurate as possible using social engineering – learning job titles and names of key decision makers with tools such as LinkedIn and Twitter,” NuData Security vice president of customer success Ryan Wilk explained.