(Reuters) - Hackers attacking Canadian organizations are determined to make money in targeted campaigns while government insiders stole more data than ever before, a security study released on Tuesday showed.
The number of breaches in Canada and the cost of dealing with them have spiked since the 2008 financial crisis, according to a joint study from telecom company Telus and the University of Toronto’s Rotman School of Management.
The study, its fourth annual report, said the crisis had both pressured budgets for information security and created a darker “threat environment.”
The average Canadian public company suffered 18 breaches in 2011, up from less than 12 breaches a year earlier, the study found. Government bodies were able to reverse the trend of increasing breaches; there were just over 17 this year after a spike above 22 last year.
But insider breaches, where an employee deliberately accesses confidential information, spiked in the government sector despite falling in public and private companies.
Forty-two percent of breaches in government were perpetuated by insiders, which the researchers called “the most startling finding from the research.”
Sophisticated attacks are focused on individuals and their data and often seek a continuing information stream for financial or political gain, the study said.
“These attacks are reported less frequently as they are much harder to detect and often involve much longer timeframes,” the study’s authors wrote.
The most popular weapons of choice for hackers remain a motley collection of viruses, worms, spyware, malware and spam, though phishing and pharming are also popular.
The direct costs associated with security breaches fell for all organization types, to an average of almost C$83,000. In 2010, breaches cost more than C$179,000 per organization, while in 2009 it was C$834,000.
Reporting by Alastair Sharp; Editing by Phil Berlowitz