As threats increase, Canadian organizations need to take action to stay ahead in the cybersecurity arms race

Businesses and other organizations in Canada are engaged in a “cybersecurity arms race” as they try to stay ahead of cyber criminals equipped with new, sophisticated tools and techniques to breach security systems and steal data.

In this competition, the attackers increasingly have the upper hand, says Ivo Wiens, field CTO, cybersecurity, at CDW Canada, which provides IT solutions and services to businesses in areas that include cybersecurity, digital infrastructure and cloud technology.

“This ongoing cyber arms race has high stakes, and the risks of falling behind are greater than ever,” he says. “CDW’s research shows that we’re seeing a shift from volume to quality in cyberattacks; while the total number of attacks has declined, the number of successful incidents is on the rise. In other words, the attackers are getting better at breaching IT systems and causing harm.”   

According to CDW’s 2023 Canadian Cybersecurity Study, exfiltrations (data capture and/or removal) jumped from an average of 13 incidents per organization in 2022 to 30 in 2023. Similarly, the number of infiltrations (inserting malicious software and/or other assets) increased from 11 incidents in 2022 to more than 28 in 2023.

Additionally, cyber attacks have a significantly better “hit rate” (number of attacks that are successful and become an incident) than in previous years. Across industries and organization size, 7 to 10 per cent of all cyber attacks were successful in 2023.

“Businesses and organizations are forced to invest in more advanced cybersecurity measures to stay ahead of the ballooning threats from cyber criminals,” Mr. Wiens says.

Cyber criminals thriving in the current business landscape

In the wake of the pandemic, companies rapidly shifted to hybrid work, digital services and adoption of Internet of Things (IoT) devices. The enormous growth of client computing devices, servers and IoT devices means organizations have an “expanded attack surface,” which creates more entry points for malicious actors.

“When organizations had to shift to remote work and provide access to their systems from anywhere, moving to the cloud was an easy and quick solution,” Mr. Wiens explains. “Essentially overnight, we were able to continue to work as before, but as we moved with speed, we didn’t implement the required cyber protections.”

Protecting cloud technologies requires a different set of skills within the security team and a different set of processes, he says, adding that cybersecurity teams were already overtaxed before this enormous transformation. Because of the urgency, organizations took a “shift first and secure later” approach.

“Business is moving at a faster pace than the investments in cybersecurity,” Mr. Wiens says. “Now, technologies like the cloud and IoT have become essential for today’s business functions, while creating an environment in which cyber criminals can thrive.”

Threat detection and response falling short

The 2023 Canadian Cybersecurity Study revealed that the cyber threat detection and response capabilities of Canadian organizations are falling short of what’s needed.

“The trend in delayed response is definitely worsening, in particular for smaller and medium-sized organizations, which often don’t have the planning and processes in place to react to these attacks,” says Mr. Wiens. This has a ripple effect because smaller businesses are often suppliers to large organizations, so the impact of one company’s breach can spread significantly, he says.

According to the study, the average time it takes Canadian organizations to detect a cyber incident is 7.1 days, while the average time to respond is more than twice as long, at 14.9 days. The average time to recover from a cyber incident is 25.6 days.

An average of 48 days pass before an organization resolves a cyber incident.

“That’s a long time for a business to have services or products unavailable, or even worse, to have somebody with free rein inside their systems, accessing their valuable enterprise resources,” Mr. Wiens says.

The consequences are costly, he adds. “Any delay in detection and response times related to cyber attacks puts Canadian organizations at higher risk for regulatory fines, loss of customer trust and greater recovery costs from security incidents.”

Solutions: Getting ahead in the cyber arms race

Cyber attackers are increasingly using artificial intelligence (AI) and automation in their quests to access and steal personal, financial or intellectual data or to disrupt business processes with ransomware and distributed denial-of-service (DDoS) attacks.

These advanced technologies are also available to organizations seeking to protect their data and operations, says Mr. Wiens, and the crucial next step is to expand development and implementation.

Technologies are one aspect of cyber defence, but he stresses that organizations also need to improve their processes and the support they provide their workers to help them avoid costly missteps.

Solutions to help organizations win the cyber arms race include the following:

Use AI-based threat detection and automated and orchestrated response mechanisms.

Develop an incident response plan with policies and procedures to evaluate, contain and recover from a security incident.

Use automated processes and make sure that security teams have developers that can create automation within the environment.

As cyber criminals are becoming more adept at presenting phishing messages that look legitimate, educate workers about what to look for and remind them to take extra steps to verify what is real and what is a clever fake.

While these solutions may seem apparent to those in the industry, the rate at which the cyber arms race is advancing can be overwhelming to organizations. Further, having the in-house resources and expertise to stay ahead of these threats is challenging.

Partnering with third-party cybersecurity solutions providers is the best way to ensure organizations’ networks stay secure, explains Mr. Wiens. “The sophistication of modern cyber threats is enough to keep anyone awake at night. That’s where external IT experts come in. It is their job to understand the threat landscape intimately, allowing organizations to focus on running their business without added concerns.”

Visit CDW.ca/security to learn more about protecting your organization against today’s fast-moving threat landscape.

To view this report on The Globe's website, visit globeandmail.com

To view the full report as it appeared in The Globe's print edition: Cybersecurity Awareness Month