Canadians continued to be on the receiving end of targeted cyberattacks and malware incidents in 2022, says a new report.
In its ninth annual State of the Phish report, California-based cybersecurity company Proofpoint surveyed thousands of employees and security professionals. Those results were combined with the company’s own internal data on phishing attacks.
A phishing attack is an attempt to steal money or identity; it's done by getting people to reveal personal information such as passwords, bank data or credit card numbers on websites pretending to be legitimate.
In the report, released Feb. 28, Proofpoint found that eight in 10 Canadian organizations (82 per cent) experienced at least one successful email-based phishing attack in 2022. Meanwhile, 23 per cent experienced direct financial losses as a result.
The results also show 66 per cent of Canadian organizations experienced an attempted ransomware attack in the past year. Proofpoint says 50 per cent suffered a successful computer infection but only 56 per cent regained access to their data after making the initial ransomware payment.
The findings note more than one in three Canadian organizations hit with a computer infection paid the ransom and 33 per cent did so more than once.
Of the organizations impacted by ransomware in Canada, 90 per cent had a cyber insurance policy in place for ransomware attacks, and most insurers (71 per cent) were willing to pay the ransom either partially or in full.
The survey said 46 per cent of organizations reported data loss due to an insider’s action. Among those who have changed jobs, 46 per cent admitted to taking data with them.
The global report drew on surveys of 7,500 working adults and 1,050 internet technology security professionals across 15 countries.
It also included findings sourced from 135 million simulated phishing attacks sent by Proofpoint customers over a 12-month period and more than 18 million emails reported by customers’ end users over that same time period.
Many forms of cyberattack are contingent on what is known as social engineering: “Using psychological manipulation, threat actors unsettle victims into making mistakes, ignoring warning signs or trusting malicious messages,” the report said. “Social engineering’s power comes from the fact that people often rely on mental shortcuts when making decisions. One of the clearest examples of social engineering is brand abuse.”
There, cybercrooks rely on people trusting major brands and use that trust to commit fraud. The most abused brands are Microsoft, Amazon, DocuSign, Google, DHL and Adobe, the report said.
Cybersecurity firm Fortinet's FortiGuard Labs has operations in Burnaby. It said cybersecurity has always been a dynamic industry able to adapt quickly to new cybercrime tactics.
"This is more crucial than ever as recent data shows 64.7 billion total threats hit Canada in 2022, representing 14.6 per cent of North America threats observed," Fortinet found in recent data.
"The increase of sophisticated new attacks is making it extremely difficult for consumers and businesses alike to prepare themselves against cybercrime. Keeping on top of new trends will help organizations and individuals stay one step ahead of bad actors in mitigating future attacks," the company said.