The number of information technology security breaches in Canada jumped 29 percent this year, says a report by the Telus and the Rotman School of Management.
Governments led the increase with a 74 percent hike in reported breaches. "This growing increase [in government breaches] is partially explained by a late but focused investment into detective and reporting capabilities, thereby increasing the number of breaches that have become visible to government entities," the report said. "Secondly, government agencies and corporate entities differ materially in what they consider a breach as they are driven by different regimes, security policies and obligations to their principal stakeholders."
The study, based on responses from 523 organizations, found a "growing trend towards targeted and sophisticated attacks."
"These threats are often designed for monetization, either through the theft of corporate secrets or through the acquisition and abuse of identities and credentials," the report said. The decline in breach costs is attributed to more effective protection technology and an improvement in the ability of Canadian organizations to contain detected breaches, the report said.
The percentage of insider breaches remained steady in 2010 for both government and publicly traded companies but rose to 28 from 19 percent for privately owned companies. Phishing, in which victims are tricked into sharing personal data by con artists purporting to be legitimate and recognized brands, is on the rise. Identity theft and the theft of personal customer information is also up.
Despite the security risks, the report found 2010 security budgets still below 2008, before the austerity measures of 2009 were implemented, which saw average budget cuts of 10 percent. This year, respondents in the survey reported security budgets on average slightly over 6.5 percent of IT budgets.