A quarter of Canadian businesses say they have already been the victim of a cyber attack in 2021, according to a Leger survey commissioned by technology firm NOVIPRO.

"The survey shows that cybersecurity is far from being a hypothetical risk," said NOVIPRO information security head Dominique Derrier. "As soon as a company generates value, it appears somewhere on a cyberthreat map."

Derrier is also president of the Information Security Association of Metropolitan Montreal.

NOVIPRO's sixth annual IT portrait reveals that more than half (56 per cent) of Canadian organizations targeted by malware have paid the money demanded by cybercriminals.

"This difficult decision means that a company must reduce its profit to pay a criminal organization," said NOVIPRO president and co-founder Yves Paquette. "If we had used part of these amounts for prevention, we could have easily avoided any action like this."

Both experts are surprised that only 40 per cent of respondents plan to train their employees in this regard, even though 76 per cent of companies say they have reviewed their cybersecurity practices.

Derrier said cybersecurity training is often seen as essential by employers, but not all employers place the same importance on follow-up training to refresh the memories of their already-trained employees. "Cybersecurity, you have to train, like a sportsman," he said.

As an example, he highlighted phishing scams, a technique used by fraudsters to obtain personal information, often by means of a fraudulent e-mail or text message.

"If you don't train yourself to recognize them, if you don't train yourself to visualize these elements, you can more easily fall into this trap," he said. "Training must be done on a recurring basis."

In addition to training, Paquette suggests testing employees by sending fake phishing emails to identify those most likely to be caught in the trap and taking advantage of their mistake to give them more tools to recognize them.

ADDITIONAL RISK WITH TELECOMMUTING

The widespread adoption of telecommuting has also increased the risk factors for computer network security. In fact, 43 per cent of respondents are more concerned about a breach since the implementation of hybrid work.

"Certain telecommuting behaviours can put an organization's data at risk," said Paquette.

He noted that the Internet network or devices used at home may not have the same level of security as devices in the office.

"Maybe the computer was used to do a personal video conference at home, maybe your teenager uses it to play online games," he said. "Your device is much more exposed to attacks or security breaches."

LABOUR SCARCITY

Unsurprisingly, labour scarcity is a big concern for respondents, according to the survey.

Forty-five per cent of respondents said they were having difficulty attracting qualified talent. Retaining key resources is also an issue for 36 per cent.

"Finding qualified workers is not easy in today's market," said Marco Babin, senior director of information technology at CDMV, a veterinary products distributor based in Saint-Hyacinthe. "The supply of jobs exceeds the number of employees, which makes it difficult to find the right candidate. It's crazy!"

"Telecommuting is a double-edged sword," said Babin.

Offering telecommuting has allowed an employer to find an employee who lives in Quebec City, for example. However, workers in the St. Hyacinthe area can also go work elsewhere, which increases the pool of potential competitors, including the large Montreal head offices where salary scales are different, said Babin.

-- This report by The Canadian Press was first published in French on Feb. 7, 2022.