COMPANIES SHOULD EXTEND EFFORTS TO FIGHT CYBERATTACKS

Organizations that oversee sensitive information remain woefully unprepared to fend off increasingly clever and sophisticated data raiders, according to a new study.

A report issued Tuesday by Silicon Valley security software firm FireEye Inc. Data breach victims took a median of 205 days – almost seven months – to realize they had had been hit, giving “attackers a free rein in breached environments far too long before being detected,” the report said, while “run-of-the-mill cyber criminals” out to steal credit-card data are becoming harder to distinguish from state-sponsored attackers due to advanced camouflaging tools and tactics.

Despite increasing awareness of cyberthreats and investments to protect sensitive data, including personal customer information and corporate secrets, corporations appear to be falling behind in their efforts to counter hackers. Many companies are better prepared for fires, floods and ice storms than data breaches, which “are more likely, and likelier to have a more significant business impact” than other emergencies, said John Proctor, vice-president of global cybersecurity with Montreal information technology services firm CGI Group Inc.

Take NOTE - 1

At the same time, corporations increasingly realize there is little they can do to stop data raiders from penetrating their firewalls and getting past their anti-virus software. Leading cybersecurity providers are more focused on containing malicious software programs that have already entered corporate servers and constantly monitoring networks to prevent the invaders from uploading data to anonymous cybercriminals located around the world.

Catherine Beagan Flood, a litigation partner with Blake, Cassels & Graydon LLP in Toronto specializing in privacy and cybersecurity issues, said cyberthreats are becoming a “high-priority issue” for senior Canadian executives, though she added, “I think at the moment [they have] almost a sense of resignation that this is what the world is like now … and with the recognition that sooner or later it will happen to their company.”

Take NOTE - 2

Last year, high-profile hack attacks on Home Depot, JPMorgan and Sony Pictures, among others, compromised tens of millions of customer accounts and led to the leak of confidential information, such as credit-card data and embarrassing internal e-mails.

According to cybersecurity firm Risk Based Security, five of the biggest 10 hacks ever happened in 2014, while 1.1 billion records were compromised in 3,014 data breach incidents around the world, up from the previous record of 822 million exposed records in 2013. At least, that’s the amount of known breaches; experts say that data breaches remain underreported, and legislation now before the Canadian Parliament would make data-breach reporting mandatory.

Take NOTE - 3

IT professionals are also falling short in how they build protective layers around their stores of data. In some cases, “even minor configuration mistakes” in the systems architecture can leave gaps allowing hackers to enter and roam freely around their systems.