Science & Technology

The Canadian Press - ONLINE EDITION

Canadian businesses are resigning themselves to being hacked: study

By: David Friend, The Canadian Press

Posted: 03/7/2013 6:22 PM | Comments: 0

TORONTO - Canadian businesses have set themselves up to be hacked, and a new study has found that some companies believe that it's almost inevitable they'll fall victim to a security breach.

Telus and the Rotman School of Management at the University of Toronto says its annual study on IT security found a "pervasive sense of vulnerability" at many corporations.

"Security managers are not very confident that they can identify whether a breach actually occurred or whether they're actually in the midst of a current breach," said Walid Hejazi, a professor of business economics at Rotman.

He said the findings suggest Canadian companies are operating with "a false sense of security."

The fifth edition of the study, released Thursday, used qualitative evidence to back up past quantitative reports. Instead of compiling hard numbers, it relayed anecdotes from various industries around the country.

In one of the interviews, a chief information officer for a large company, told Hejazi that when he was hired, he laid it out for his bosses.

"I told senior management that we will be breached within the next 18 months, so get over it now," the report quotes the unnamed senior executive as predicting.

The executive declined to offer further comment when asked if a breach actually occurred.

Hejazi said the findings are reminiscent of the troubles that former technology giant Nortel Networks faced when international hackers broke into its corporate computers and accessed information for nearly a decade.

The Nortel security breach gave hackers "plenty of time" and "access to everything," according to 19-year Nortel veteran Brian Shields, who was behind a six-month investigation into the security breach that is believed to have started in 2000, but was only made public in 2012.

Corporate hacking can be motivated by international espionage to "hackivist" groups like Anonymous who are working for a specific and often very public cause.

Hejazi said that organizations that operate with a "Yes" mentality, or are open to discussions with their staff about how to use technology responsibly, are more secure than companies with rigid security controls. Employees who become frustrated with exceptionally tight security will find ways around it, he said.

But he noted that hacking dangers can lie in many unsuspected places. Even an attachment file can directly lead to a security breach, or using free public computers at a conference in another country that has keylogging spyware installed.

"You just open the door to your organizations when you use those kinds of assets," he said.

Factual inaccuracy? Something missing? Help improve our journalism.

Know about news? Share your story suggestions, photos and video.

Spelling error? Punctuation problem? Send us an email if you’ve found a typo.

More Science & Technology

Undock

You can comment on most stories on winnipegfreepress.com. You can also agree or disagree with other comments. All you need to do is register and/or login and you can join the conversation and give your feedback.

Have Your Say

New to commenting? Check out our Frequently Asked Questions.

The Winnipeg Free Press does not necessarily endorse any of the views posted. By submitting your comment, you agree to our Terms and Conditions. These terms were revised effective April 16, 2010.