Canada Bombarded with COVID-19-Themed Cyber-attacks

More than a quarter of Canadian IT workers say their organization has suffered a COVID-19-themed cyber-attack, according to a new survey.

The "2020 Cybersecurity Report" released today by the Canadian Internet Registration Authority (CIRA) surveyed more than 500 Canadian IT security decision-makers to learn more about their experience with cyber-threats.

Key findings of the report include that one-third of respondents said their organization was targeted by a COVID-19-related cyber-attack. Among the threats recorded by the survey were fake contact-tracing apps and phishing attacks that exploited COVID-19 test results.

Around three in ten organizations reported experiencing a spike in the volume of attacks they had suffered since the pandemic started. 

Slightly more than half said that they had implemented new cybersecurity protections in response to changes triggered by the global outbreak of the novel coronavirus. 

Worryingly, one-quarter of organizations surveyed said that they had experienced a data breach of customer and/or employee data last year. Of arguably greater concern was the fact that 38% of organizations didn't know if they had been hit by a data breach or not. 

"The plot looks to get even darker for IT in the next 12 months," said a CIRA spokesperson. "Despite facing more attacks in a harder-to-secure scenario, only about one-third of workers anticipate an increase in human resources devoted to cybersecurity. 

"That is down from 45% anticipating more resources in 2019."

The survey found that around one in ten workers anticipate having fewer resources to invest in cybersecurity in the coming year. 

Another key finding of the report was the emergence of what appears to be compliance fatigue. 

"More report being aware of recent changes to the Personal Information Protection and Electronic Documents Act (PIPEDA), yet they are less likely to report data breaches than last year," noted CIRA.

In 2020, only 36% of organizations informed a regulatory body after experiencing a data breach, down from 58% in 2019. This year, just 44% of those surveyed informed customers of a breach, representing a 4% decrease compared to 2019. 

CIRA predicts that if the federal government passes stricter privacy requirements, businesses will either need to be enticed into reporting breaches or financially penalized more severely for not doing so.

What’s Hot on Infosecurity Magazine?