Canadian companies are not just becoming more vulnerable to the threat of ransomware, but are increasingly desperate to pay off the ransom demands to free their computer systems, a new report from Canadian IT company NOVIPRO has found.
NOVIPRO’s sixth annual “IT Portrait of Canadian Businesses,” produced in collaboration with Leger, found that more than half (56%) of organizations targeted by ransomware have paid the full amounts requested by the threat actors responsible. Of those that paid, 33% worked with a negotiator, while 23% paid the ransom without help from an intermediary.
Notably, the study revealed that 53% of companies said that their employees are their largest source of cyber threats. Among those who indicated this, 31% said the cyberattacks were motivated by malicious intent, while 22% said an employee unintentionally triggered a cyberattack.
The report noted that most of the companies surveyed (60%) have sensitive customer data such as credit card numbers, social insurance numbers, and so on. Nearly a third (28%) of the companies also indicated that they value their information assets at over $1 million.
The rise in popularity of the hybrid work model has also raised cybersecurity concerns among Canadian businesses, NOVIPRO said. Some 43% of respondents said that they are more concerned about a breach since the introduction of hybrid work. This has prompted 73% of organizations to assess their cybersecurity practices, such as through employee training (32%), developing a telecommuting policy (31%), or investing in software (29%), among other measures.
"As an entrepreneur, I am very concerned that so many organizations are paying a ransom," said NOVIPRO co-founder and CEO Yves Paquette.
Paquette advised that companies need to be more proactive in mitigating cyberattacks if they want to limit the impact of malware on themselves and their customers.
“If organizations invested even a fraction of the potential cost of an attack, they could easily put systems in place to guard against such fraud,” the chief executive added.
A previous report released by the Communication Security Establishment’s (CSE) Canadian Centre for Cyber Security in December found that of the 235 recorded ransomware attacks against Canadian companies in 2021, more than half were targeted at critical infrastructure providers – these include businesses involved in energy, healthcare, and manufacturing.