From lack of penetration testing to blind cloud consumption, here’s what the 2021 CDW Security Study reveals about vulnerabilities facing Canadian businesses today
As malicious actors continue to take advantage of the newly digitized, the cybersecurity space has become a topic of major concern over the last year for Canadian businesses of all shapes and sizes. Our recent Cybersecurity Study, Innovation in Cybersecurity: Approach, Tools and Technologies, reveals key trends in the evolving threat landscape, what businesses should consider when planning future security investments and the ever-evolving vulnerabilities that Canadian businesses face in today’s increasingly digital world.
While it’s not surprising that digital solutions have played an important role in maintaining business continuity for many organizations since the outset of the pandemic in early 2020, it may come as a surprise to learn that they have also led to an all-time high cost of cybercompromise. An average cost of $1,257,000 expended per organization, to be exact, with 99 percent of businesses surveyed having reported a cyberattack between November 2019 and November 2020. This demonstrates that considering cybersecurity solutions as part of a business’ yearly planning process and ongoing efforts to maintain them are key to mitigating millions of dollars in losses and ensuring Canadian businesses are set up for success.
The study highlights both internal and external threats to implementing and maintaining a strong security posture, and key findings include:
Regular penetration testing is essential to understand attack surfaces
While it’s important for weaknesses to be identified in order to be proactively managed and prevented, the study finds that more than half (57 percent) of businesses surveyed report that their risk management process is informal or that they do not scan for vulnerabilities at all. This is extremely concerning as this leaves businesses exposed to unknown threats and potential exploitation across infrastructure, applications, users and employees. This introduces significant risks that can have devastating consequences on businesses in the short and long term.
Managing supply chain and third-party risk is more critical than ever
As digitization intensifies and businesses continue to shift between remote and hybrid operating models, processes and workflows are increasingly extending to third parties. Unfortunately, the study reveals this can expose critical security gaps, as three quarters (76 percent) of businesses surveyed have experienced a security breach due to the poor security practices of a third-party partner between November 2019 and November 2020 – a number that increases with business size. This demonstrates that ongoing reviews and carefully selecting partners in the planning process have never been more important and remain critical to avoiding any potential cybersecurity pitfalls.
Multilayer security approach for cloud consumption is key to improved security
As more businesses continue to migrate to the cloud, it’s important that this is not done blindly. Deploying a multilayer framework-based approach to cloud consumption is a great way to ensure security is maximized and that there’s also alignment with existing security programs. The study shows that businesses with larger distributions of data in software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS) are more likely (86 percent) to have a multilayer approach to using cloud security. These businesses experience fewer infiltration and exfiltration incidents as a result of their multilayer approach to cloud security, demonstrating that that this approach should be prioritized as the future of work becomes increasingly hybrid.
As cybercriminals become increasingly sophisticated in exploitation methods, this year’s study highlights the importance of businesses staying ahead of threats by implementing preventative measures rather than reactive recovery approaches to cybersecurity. Interested in learning more? The full report can be downloaded here: cdw.ca/securitystudy