August 5 2016

As CEO of PCIT, I would like to extend a heartfelt thanks to our clients who have worked with us over the last 12 months to protect their data and digital resources. Together we have defied the odds and won against a host of hackers in a big way. Comparing a recent global survey by the Osterman group to PCIT’s operational results, we find our clients had significantly less malware, less downtime from malware, and never paid a dime to get their data restored. According to the survey of over 540 global companies, Canadians PAID the ransom 82% of the time, and approximately 1/3 of those surveyed were forced into this situation.

If our customers had not been so proactive in educating their staff and promoting a security-conscious approach, we would never have gotten this far. In the summer of 2015 our message to clients was ‘Information Technology could NOT control the security of their data and their network without everyone’s participation and ownership of this concern’. At that point many of our clients had invested in best-in-class technology but were also open to taking the next step. Together we had great results. If we were keeping score for 2015, it would look something like this.

| | Typical Canadian organization surveyed | PCIT Customers |
|---|---|---|
| Profile | 5,400 staff + a CIO, IT Director or Chief Information Security Officer + lots of internal IT staff, respondents across Canada | 250 or less staff, mostly have PCIT as 100% IT resource, a few cases where PCIT is responsible for operational results and works alongside -1 full time internal staff, Peace River region focused |
| Suffered security attack last 12 months | 72% | 60% |
| Percent who lost data due to ransomware and PAID between $1,000 – $50,000 to get it back | 72% | 0% |
| Percent who lost data when they refused to pay the ransom | 82% | 0% |
| Severe downtime – It took more than a day trying to restore endpoint functionality | 63% | 0% |
| More than 9 hours to remediate | 60% | 0%* |
| Upper management and C-Level executives are at higher risk | 8% target C-suite, 22% target managers | Typical Cndn organization results seem very similar – don’t have hard data |
| High Risk | 43% lost revenue, 25% stopped operations | Data not available – would estimate the actual results were much much lower |
| Confident they can stop security issues (after all they have lots of ‘smart people’ on staff, and likely someone solely in charge of security) | 51% | ? I really doubt most of our clients are that confident. Guessing results would come in under 20% as being confident they can stop security issues. Most would probably have an internal resource if they felt they could afford it and find one. However, these results are starting to speak for themselves. |

*PCIT did have a remediation that took more than 9 hours in 2014, but it was just after C-level management requested we remove one of our recent security best practices as it ‘was frustrating the staff’. Less than 2 weeks later, 3 million files were erased after a C-level executive experienced a security breach. Subsequent to that, the security best practice was re-engaged and has remained ever since.

Results are based on an international study released in August 2016 of over 540 organizations worldwide. Canadian-specific results were also discussed in this Digital Journal article.

To me these results stress a couple of points. First, we have great clients who have been diligent in working with PCIT in this regard. Very few push back and ask us to own the security results when we say we need everyone’s help. Second, our ‘secret sauce’ appears to be working. In early 2015 we began benchmarking PCIT’s security results across our entire client base and comparing them to individual customers’ results. In this manner we could very clearly identify when our clients were hindering or helping the protection of their data and their operations.

Finally, I believe a deep analysis of the above table completely and totally disproves the fallacy that having an in-house resource is the best way to support IT. The facts appear to heavily weigh against the fact that no matter how smart, how helpful, how well trained, and how well intentioned internal resources are, most Canadian organizations have NO IDEA how large their security exposure is.

I can actually picture the conversation in most boardrooms as being sympathetic to internal IT resources after having to pay a $20,000 ransom like the University of Calgary just did. Executives not knowing how to manage IT try to get results by hiring, providing budget and gauging results by how well they ‘feel’ about the work that is being done. To most managers, having to pay a ransom can be excused because the bad guys are ‘really really bad’ and they just know their ‘guy(s)’ or ‘gal(s)’ are good. Results seem to speak otherwise.

If there are organizations who want to manage technology results by more than a ‘feeling’, we would love to discuss if our approach would be a fit.

Written by Darren Boyer

Darren Boyer is the founder and president of pcit.
