CDW Canada study reveals 99 per cent of Canadian businesses reported cyberattack

CDW Canada released its 2021 cybersecurity study, Innovation in Cybersecurity: Approach, Tools and Technologies, revealing that regular penetration testing, multi-layer framework-based approaches to cloud consumption and third-party risk management all play a role in mitigating cybersecurity incidents for Canadian businesses.

Since the outset of the pandemic, digital solutions have played an increasingly important role in maintaining business continuity for Canadian organizations. Unfortunately, this has led to the cost of cyber compromise reaching an all-time high as malicious actors continue to capitalize on the ongoing changes and disruptions facing businesses today. This has increased by 47 per cent from $853,000 in 2019, with 99 per cent of businesses surveyed having reported a cyberattack between November 2019 and November 2020.

“New technologies and using existing technologies in new ways breed new risks, and this year’s findings highlight that remote infrastructure as well as the extension of processes and workflows to third-party partners are stretching cybersecurity resources to the limit,” said Theo van Wyk, head of Cybersecurity and Solutions Development at CDW Canada in a statement. “Failure to consider cybersecurity solutions as part of a business’ yearly organizational planning and to maintain them on an ongoing basis is a problem that can result in millions of dollars in losses. Cyber criminals are becoming increasingly sophisticated, and businesses need to stay ahead of threats to ensure their security posture remains strong at all times.”

Regular penetration testing is essential to understanding attack surfaces

As the threat landscape continues to evolve, vulnerabilities need to be regularly identified and managed through regular penetration testing. This is essential for businesses to identify their weaknesses and exploitable attack surfaces across infrastructure, applications, users and employees in order to implement preventative, rather than reactive, recovery approaches.

The study revealed that more than half (57 per cent) of businesses surveyed reported their vulnerability management is informal or that they do not scan for vulnerabilities at all. This is extremely concerning as failing to conduct planned, regular penetration testing leaves businesses exposed to unknown vulnerabilities and potential exploitation. This poses a significant risk that can have devastating and lasting consequences on businesses in both the short and long term.

Supply chain and third-party risk is more critical than ever

As digitization intensifies and businesses continue to shift between remote and hybrid operating models, organizational processes and workflows are increasingly extending to more third parties and can expose critical security gaps.

According to the study, three out of four businesses surveyed (76 per cent) have experienced a security breach due to the poor security practices of a third-party partner between November 2019 and November 2020. This number also increases with business size, likely due to larger businesses having more suppliers, third-party partners and complex IT environments compared to smaller peers. While regularly reviewing third-party partner security can be challenging when working with multiple partners, the survey suggests that ongoing reviews and carefully selecting partners to avoid any potential cybersecurity pitfalls has never been more important to ensuring a strong security posture.

Multilayer security approach for cloud consumption is key to improved security

The study shows that businesses with larger distributions of data in software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS) are more likely (86 per cent) to have a multilayer approach to using cloud security. Despite being attacked more often, these businesses experience fewer infiltration and exfiltration incidents as a result of their multilayer approach to cloud security.