Survey highlights security skills gap
Overwhelming number of Canadian firms fail network penetration tests
5/24/2007 4:50:00 PM By: Nestor Arellano
Nearly half of Canadian companies experienced security breaches and organizations must act quickly to correct a “skills gap” in the area of control systems and application protection, according to Canadian security experts.
The call for increased training was made Wednesday after an Ipsos Reid survey revealed that 47 per cent of companies in Canada were subjected to virus attacks and other forms of breaches in the last five years.
The study, commissioned by CMS Consulting Inc., a Toronto-based IT infrastructure and security firm, also indicated that a majority of decision makers saw a need for training IT staff on security.
More than half (67 per cent) of the executives said they believed their workers would benefit from more security training.
“Organizations feel good about their (IT) structures but perceive there is a significant skills gap when it comes to dealing with the threats that are out there,” said Brian Bourne, president, CMS Consulting.
He said 76 per cent of the firms polled believe securing the IT network is one of their highest priorities.
Bourne said 90 per cent of companies that conducted self penetration tests reported that their systems were “effectively compromised” by the testers.
This indicates a growing need to beef up protection for control systems, according to another expert.
“Organizations haven't been able to scale up to the challenges,” according to Chris Blask, founder and CEO of Toronto-based security systems integrator Lofty Perch Inc.
Blask said increasing integration of company assets under a single IT infrastructure and control system has improved efficiency but elevated inherent risks.
For instance, he said most air traffic control facilities have perimeter security, operational systems, and IT components tied to networks and switches monitored by a single control system. Most networks are also accessible via the Internet to enable remote access.
“While firewalls are deployed to protect these systems, connections to the PSTN (public switched telephone network) and wireless services are often inadequately defended against breaches,” Blask said.
Another industry insider said a growing number of hacker attacks are now aimed at applications. However, the majority of IT staff are not trained in dealing with application security, according to Brian O'Higgins, chief technology officer of Ottawa-based Third Brigade Inc.
“Application software tools are the Achilles heel of most organizations,” O'Higgins said.
He explained that 75 per cent of attacks are targeted at applications because hackers consider them “low-hanging fruit.”
“It's easier to load malware onto applications because they are now available through the Internet and are allowed to bypass firewalls,” said O'Higgins.
Even basic training on how to protect applications would result in immediate benefits, he added.
“Companies mustn't concentrate on the threats because they will always be there. Rather, organizations must focus on reducing vulnerability,” O'Higgins said.



