Site icon IT World Canada

Many Canadian firms knuckle under to ransomware demands, survey suggests

Many Canadian organizations hit by ransomware feel they have no choice but to pay to either get stolen data back or to get their data decrypted, a new survey suggests.

The survey of 510 organizations released this morning by the Canadian Internet Registry Authority (CIRA), which oversees the .ca domain, found 17 per cent of respondents said they had been hit by ransomware.

Of that group, 69 per cent said their organization paid the ransom demands. Fifty-nine per cent said that data was exfiltrated in the attack.

Interestingly, nearly two-thirds (64 per cent) support legislation that would prohibit paying ransom demands. “Organizations may be paying extortion fees because they fear damage to their public image,” the report noted.

The report is part of CIRA‘s annual Cybersecurity Survey of cybersecurity decision-makers and was released one day ahead of the authority’s participation in IT World Canada’s three-day MapleSEC virtual conference, which starts Tuesday.

Among other findings

“It feels like the pandemic forced 10 years of cybersecurity adoption to happen in about 10 weeks,” Mark Gaudet, CIRA’s general manager for cybersecurity and DNS services, said in releasing the survey. “The pivot to work-from-home and employees using their own devices really increased the number of security threats facing organizations, and the bad guys did everything they could to take advantage of the situation. But our survey shows that Canada’s security pros didn’t take it laying down. They got to work and implemented new policies, technologies, and security training boot camps for staff—protections they plan to keep in place long after the pandemic.”

 

Exit mobile version