Many of Canadian companies’ data breaches stem from phishing-induced human error, according to the latest study by cyber-security firm Carbon Black.
More than eight out of 10 Canadian organizations (83%) experienced data breach attempts over the past year, with an average of 3.42 breaches per company. Financial institutions were particularly vulnerable targets.
The analysis also found that 76% of respondents stated that they have suffered more attacks compared to previous years.
Fully 81% noted that the attacks on them have become more sophisticated, with phishing accounting for one in five successful breaches.
“Our first Canadian threat report indicates that organizations in Canada are under intense pressure from escalating cyberattacks,” Carbon Black chief cyber-security officer Tom Kellermann said. “The research indicates increases across the board in attack volume and sophistication, causing frequent breaches.”
Read more: Are your employees liable for data breaches?
This dovetailed with the warning issued by cyber-security firm Agari, which stated that much of the cyber-threats targeting Canadian organizations will come in the form of business email compromise campaigns: scam requests that appear as seemingly legitimate messages, which will mislead the targets into unwittingly transferring funds to the attackers.
“BEC fraud can be incredibly difficult to spot as these hackers will take the time to make their attempts as accurate as possible using social engineering – learning job titles and names of key decision makers with tools such as LinkedIn and Twitter,” NuData Security vice president of customer success Ryan Wilk explained.
Fortunately, Carbon Black also found that “an encouraging number of Canadian organizations (59%) are adopting threat hunting and seeing positive results. As threat hunting strategies start to mature, we hope to see fewer attacks making it to full breach status.”