TORONTO, May 04, 2018 (GLOBE NEWSWIRE) — For the first time in the nation’s history, the vast majority of Canadian private sector companies will be required to identify and immediately report security breaches as of November 1st (PIPEDA), or as early as May 25th (GDPR). Failure to do so will expose companies to direct and indirect costs potentially amounting to millions of dollars in penalties, reporting fees, remediation and lost business.
According to recent studies, Canadian companies already face the highest costs of data breach detection and response in the world. Recent surveys indicate that Canadian organizations last year took on average 173 days to identify security breaches and another 60 days to fix them.
“This is a clear indication of a false sense of security. For example, companies often have backups and antivirus but lack key safeguards like intrusion detection and policy enforcement. We see the damage every week: those unable to prevent and detect are going to have a tough time meeting the imminent deadline for mandatory breach reporting,” said Claudiu Popa, Certified Information Systems Auditor and CEO of Informatica Security. Based on 25 years of advisory and global auditing experience, Popa believes that most companies suffer from a false sense of security due to:
1. Noise: a lack of available information and statistics leads to poor decisions and budgeting
2. Confusion: inconsistent adoption of security practices
3. Priority: failure to classify information by sensitivity and value
4. Cyber-insurance: risk transfer is poorly understood, leading to inadequate coverage
5. Training: low-value employee awareness programs are incomplete and inconsistent
6. Planning: cyber security policies do not reflect actual practices
7. Reporting: incident detection and breach response are inconsistent
Ransomware has been particularly damaging to Canadian firms, with more than one in three (35%) respondents indicating that they paid $1,000 to $50,000 in ransoms to cybercriminals. Such breaches not only cause costly business interruptions, but also theft of personal information. This year, companies will be required to identify breaches and immediately report them to affected individuals.
Claudiu Popa urges boards and business owners to tackle security and privacy compliance preparation in 3 steps:
- Request the guide: “6 Months to Compliance, a Breach Reporting and Notification Checklist for Canadian Companies that Touch Customer Data”
- Assess the risk: Schedule a standardized privacy and security review
- Ask for a signed attestation to verify and demonstrate that the company’s practices conform to standardized security and privacy requirements, including data breach preparedness
About the Company:
Established in 1989, Informatica Security is Canada’s only provider of standardized Verify™ Security and Privacy Risk Assessments for GDPR and PIPEDA, and provides assistance with regulated sector compliance including PCI-DSS, SOC2/CSAE 3416 and CSOX/Bill 198.
Canadian organizations trust Informatica with compliance leadership, security audit support, workforce education, management training, confidential board-level advisory and risk transfer consulting.
For media commentary and interviews:
Claudiu Popa, [email protected]