National surveys show Canadian companies may be vulnerable to criminals
Sarah Staples
Sun
Two new national surveys have found disturbing admissions by Canadian companies of their vulnerability to hackers, and evidence that consumers fear personal information is at risk online.
A poll sponsored by a subsidiary of Capital One Financial Corp. and released Tuesday found 77 per cent of Canadians were concerned about identity theft, yet 45 per cent don’t regularly check credit reports.
A second telephone survey by Fusepoint, a Mississauga, Ont.-based IT management firm, Symantec Corporation and Sun Microsystems of Canada, Inc., found that eight in 10 Canadians worry about personal information stored in web-accessible databases.
In that survey of 565 Canadian consumers and business leaders, also released Tuesday, 14 per cent of Canadians admitted they had had their identity stolen by various means.
Some 57 per cent of companies answering the Fusepoint telephone poll admitted they were “only somewhat confident at best” in their IT department’s ability to withstand hackers.
The businesses admitted that both confidential corporate data and private customer data is threatened — even though 96 per cent of companies polled had established protections ranging from anti-virus and anti-spyware software to network firewalls or encryption.
“People haven’t been asleep in the wheel; they’ve invested in different types of technology and data security,” said George Kerns, president and CEO Fusepoint Managed Services Inc.
“But they’re still not confident they’ve got it licked.”
From January to October this year, there have been 9,034 victims of identity theft in Canada, totalling $7.2 million in losses, according to PhoneBusters, an RCMP-associated agency.
According to Kerns, company executives are more concerned that their employees might mistakenly download viruses, spyware or adware than they are about hacker intrusions.
One of the major sources of vulnerability are a new brand of malicious e-mails that specifically target employees, said Clemens Martin, professor of business and technology at the University of Ontario Institute of Technology, a new, tech-oriented university.
People are becoming wise to the classic “phishing” scam, in which victims receive a spam e-mail featuring a link or attachment, or are enticed to a Web site and duped into revealing personal information.
But in a version called “spear phishing,” a perpetrator researches a company before sending fake e-mails to a few employees.
The e-mail, disguised as coming from an internal source, might ask employees to download a screensaver with the corporate logo, or request passwords and other sensitive information be sent to IT managers conducting “network upgrades.”
Downloads contain viruses or malware that afford hackers entry, where real damage can be done including stealing intellectual property, damaging the company’s reputation or cyber-extortion — demanding cash in exchange for protection against future attacks, said Martin, who leads the fledgling university’s hacker IT research lab.
Spear-phishing is lucrative and “astonishing easy,” he said, adding “Traditional phishing attacks cast a wide net to catch many fish; this [spear-phishing] only takes one [employee] to achieve the goal.”
Spear phishers are also targeting ordinary consumers, with e-mails that are addressed directly to them and pretend to come from relatives, friends or business acquaintances.
Canadians are increasingly willing to take a stand, said Kerns.
Thirty-seven per cent, or more than one in four, would consider a lawsuit against a company that left personal information open to attack.
His firm operates 24 hours a day and deflects up to 200,000 hacker attempts daily, he said.
The Capital One survey commissioned Ipsos Reid to poll 2,002 Canadians, yielding a margin of error of plus or minus 2.2 per cent.
Fusepoint’s survey, carried out by Leger Marketing, is considered accurate within 4.1 percentage points, 19 times out of 20.
STEALING YOUR GOOD NAME:
Identity theft is a major concern for most Canadians, as excerpts from an Ipsos Reid survey done for Capital One Bank and released Tuesday shows:
77% of Canadians are concerned about identity theft.
10% feel that information available to guard against ID theft is fully adequate.
45% of Canadians do not review or monitor their credit reports on a regular basis.
21% feel that they are not well- or not at all informed on the issue of identity theft.
51% say “No” when asked if they keep unused credit cards locked in a safe place.
14% say they have been victims of “phishing”, which means they provided personal information online to a source posing as a legitimate institution, like a bank.
9,034* victims reported identity theft from January to October of this year.
$7.2 million* was the value of losses from those reported thefts.
Source: Ipsos Reid/*PhoneBusters
ON GUARD:
Tips on how not to become a victim of identity theft or fraud:
– If you are shopping online, only order on secure web sites — to ensure your information is protected look for an unbroken key or padlock at the bottom of your web browser.
– Streamline your wallet. Take only credit cards, cheques and/or cash that you need. This helps control spending and minimizes loss if the worst happens and your wallet is stolen.
– Protect your credit cards. Sign your card, and write that a merchant must “check ID” on the back of the card.
– Hold on to your receipts. When the clerk asks if you’d like to keep the receipt or “put in the bag,” keep it with you and get gift receipts that can be used for returns or exchanges. Store receipts in a safe place and shred them after you are certain the charges match those on your monthly bank and credit card statements.
– Beware of one of the newer credit card fraud scams known as “skimming.” Keep a close eye on your card while your purchases are being processed so that it is not swiped through alternative devices.
– Don’t leave valuables in your car.
Source: Capital One Bank
© The Vancouver Sun 2005