The news surrounding corporate security has been dark as of late.
First, just before the start of the new year, researchers at RedSeal concluded that corporates, both large and small, are frankly being “naïve” about their cybersecurity risks. Then, earlier this month, reports from Centrify found new evidence of increases in corporate cyber attacks, suggesting cybersecurity service providers aren’t doing their job.
“Despite over $75 billion spent on cybersecurity in 2016, the products and services from major security companies have failed to stop breaches from occurring, and in fact, the problem is getting worse,” declared Centrify CEO Tom Kemp at the time.
It’s a global phenomenon, though analysis has pinpointed 2016 as the worst year ever for cyberattacks and data breaches in the U.S. Its neighbor to the north, however, isn’t faring too well either.
The latest report from Ipsos and MNP LLP find that Canadian businesses are simply in denial about their own cybersecurity threats.
“Incidents of fraud are rising every year, yet an overwhelming majority of Canadian business and C-suite executives say they are confident in their ability to prevent it,” the companies announced earlier this month. “The disconnect could be due to a dangerous combination of overconfidence and naivete when it comes to fraud detection and prevention.”
Analysis revealed that half of businesses in the nation said they either suspect or are certain that they have been the target of fraud or a scam in the past year.
Here’s the kicker: About 80 percent of these executives say they are confident in their firm’s abilities to prevent such attacks — even though they’ve already experienced them.
In another show of this disconnect, the report found that survey respondents are twice as likely to acknowledge fraud as a serious problem in their industry overall than in their own actual company.
“This kind of ‘It won’t happen to me’ optimism puts the advantage in the hands of criminals and makes Canadian businesses tremendously vulnerable,” reflected Greg Draper, vice president of Valuations, Forensics and Litigation Support at MNP and a former RCMP investigator. “This reality is that no organization is immune from either internal or external fraud.”
Researchers cited earlier statistics released by the Canadian Anti-Fraud Centre last year, which found a 40 percent increase in the number of victims of wire fraud, reports said, adding that those crimes include email scams, to which businesses are particularly vulnerable.
According to Draper, businesses are in “giant denial” regarding fraud prevention. Two-thirds of businesses surveyed described their companies’ approach to fraud and scams as “proactive.” The executive said this is not surprising, however.
“Oftentimes we see businesses who come to us after they have been compromised, but they don’t know how or why it happened,” he said. “They may have had security awareness and fraud training processes in place, but sophisticated scammers or even internal employees can find points of vulnerability. They realize they were not as equipped to deal with it after the dollars go out the door.”
He continued to stress that this is an issue that all businesses — of all sizes and industries — need to understand.
“Fraud is a serious threat no matter the size or the industry of the organization,” Draper continued. “All businesses must take preventative measures utilizing best practices, training and technology. When you consider the financial and reputational risks, it is clearly worth the effort.”