Half of small businesses falling prey to cyber attack

One in 10 succumb to 'whaling' attempts: survey

Half of small businesses falling prey to cyber attack

Cyber attacks continue to hound Canadian employers, and these come in different shapes and forms, according to a recent report.

Nearly half (45 per cent) of small businesses in Canada have experienced a random cyberattack in the past year, and 27 per cent have gone through a targeted attack, finds the Canadian Federation of Independent Business (CFIB).

Employers in professional services (57 per cent random, 28 per cent targeted) and wholesale (58 per cent random, 38 per cent targeted) sectors are most likely to report experiencing cyberattacks in the past year.

During that same period, over one in 10 (11 per cent) of businesses also experienced a whaling attempt – a phishing attack targeting or impersonating a CEO or business leader.

Attacks on web applications rose by 800 per cent in the first six months of 2020 compared to the same period in 2019, according to a previous report.

But employees are more likely to become victims of HR-related phishing emails, according to a separate report.

Better training needed

The recent trend points to a need for education within businesses, says Mandy D'Autremont, vice-president of marketing partnerships at CFIB. 

“It is paramount that we do everything we can to get small business owners access to cybersecurity training for themselves and their employees. Combining specialized courses, engaging technology, incentives and expanded access will ultimately help protect our members, the broader business community and Canada's economy."

However, only 11 per cent of businesses had offered mandatory cybersecurity training to their employees in the past year, and just eight per cent had provided optional training.

A large percentage of companies are underprepared when it comes to data protection, according to another report.

Security-related risks decrease by 70 per cent when businesses invest in cybersecurity awareness training, according to IT services and support provider Accent Consulting.

“Cybersecurity awareness is important to reducing threats that could result in data breaches or other cyberattacks,” it says. “Proper training can ensure that your employees are effective in implementing secure business practices. The more they know about security and the potential threats, the better they’ll be as an extra defense mechanism to protect your business.”

With this, employers also save time and money, retain their clients’ trust and boost employees’ confidence, according to Accent.