
CDW Cybersecurity Study: Why Faster Threat Detection and Response is Needed

The more time it takes to detect and respond to cyberincidents, the greater the potential for damage to a business and the more costly the resolution and recovery will be.


The sophistication and speed of modern cybersecurity intrusions make it critical for Canadian organizations to be equally swift in their reactions and responses.

CDW Canada’s recently published 2023 Canadian Cybersecurity Study reveals that the threat detection and response capabilities of Canadian organizations are falling short. Detection and response delays give cyberattackers free rein and can result in costly consequences, says CDW Canada’s Chief Technologist for Cybersecurity, Ivo Wiens.

“Any delay in detection and response times related to cyberattacks puts Canadian organizations at higher risk for regulatory fines, loss of customer trust and greater recovery costs from security incidents – at the expense of investments in IT growth initiatives that support business goals,” he says.

“Cyberattackers try to access and steal personal, financial or intellectual data, or they attempt to disrupt business processes with ransomware and DDoS attacks. With the increasing sophistication of tactics, techniques and procedures, a data breach or the reoccurrence of a serious cyberincident has become more likely than ever before.”

According to the study, the average time it takes Canadian organizations to detect a cyberincident is 7.1 days, while the average time to respond is more than twice as long at 14.9 days. The average time to recover from a cyberincident is 25.6 days.

An average of 48 days pass before an organization resolves a cyberincident, which keeps open a significant time window during which cyberattackers have access to valuable enterprise resources and, according to Wiens, “significantly tips the scale in favour of adversaries.”

Businesses are exposed to greater risk and loss

The longer it takes to detect and respond to a cyberincident, the greater the risk of damage to a business and the more costly the resolution and recovery. This puts businesses at risk for:

  • Detailed reconnaissance: The longer an attacker stays inside an organization’s network, the more time they have to identify and locate sensitive information, gather financial information for ransomware negotiation and make lateral moves throughout an organization’s IT infrastructure and resources.
  • Reinfection: Given enough time, attackers find ways to avoid detection or create mechanisms for re-entry (for example, installation of back doors, password theft and more).
  • Evidence tampering: Slow response gives attackers a window of opportunity to remove evidence, which makes efficient recovery even more difficult.
  • Recovery backlog: Slow detection and response leads to a cascading effect for resolution and recovery that can create backlogs and add significant delays and costs for recovery.

Downtime frustrates customers

Wiens says a key trend seen in today’s business and consumer markets is impatience with delays or outages to both in-person and online services.

“Just as impatient diners demand fast and efficient service at a restaurant, modern customers expect quick and seamless digital experiences from businesses,” he says. “At a restaurant, if the kitchen is slow or a server forgets an order, diners become frustrated and may leave.

“Similarly, if a website is slow to load, an app crashes or a payment system fails, customers quickly lose patience and may take their business elsewhere,” he says. “Like a restaurant striving to keep its diners happy, businesses must prioritize the delivery of fast and reliable digital services to keep their customers satisfied and loyal.”

IT security teams face immense pressure to deliver results quickly and efficiently, just like a chef working in a busy kitchen. Unlike the kitchen, where a meal might be sent back to better meet a diner’s standards, customers in the digital world have “zero tolerance” for delays or disruptions, Wiens says.

The impatience of modern customers is just one element of the pressure that IT security teams feel. Wiens adds that CEOs and CFOs are also acutely aware of the financial impacts of downtime resulting from cyberincidents. That puts even greater pressure on IT security teams to not only prevent attacks but minimize downtime in the event of an incident.

Why we’re in a cybersecurity arms race

In the current landscape, businesses and the cybersecurity industry are continually tasked with keeping pace with, and staying ahead of, cybercriminals who are constantly developing new and sophisticated tools and techniques to breach security systems and steal data.

“We are seeing a shift from volume to quality in cyberattacks, where businesses and organizations are forced to invest in more advanced cybersecurity measures to stay ahead of the threats,” Wiens says. “This ongoing ‘cyber arms race’ has high stakes and the risks of falling behind are greater than ever.”

CDW’s research shows that, while the total number of cyberattacks saw an overall decline, the number of successful incidents continues to trend upwards. A sharp rise in exfiltrations (data capture and/or removal) was reported by respondents in the 2023 CDW Security Study – jumping from an average of 13 incidents in 2022 to 30 in 2023. Similarly, the number of infiltrations (inserting malicious software and/or other assets) also increased from 11 incidents in 2022 to more than 28 in 2023.

Cyberattacks reported in 2023 had a significantly better “hit rate,” which means a greater number of attacks are successful. Across industries and organizations by size, 7 percent to 10 percent of all cyberattacks were successful, with the highest hit rates found in government and education.

“This tells us that we are winning the war on noise but are not doing any better at stopping the important breaches,” Wiens says.

Get the full CDW Security Study

CDW’s 2023 Canadian Cybersecurity Study was authored by IDC Canada and is based on an independent survey of more than 550 IT security and risk & compliance professionals across six industries. The resulting study assesses the cybersecurity challenges of their organizations and their greatest concerns regarding cyberthreats, and identifies the security tools and strategies they use and are adopting.

The study provides comprehensive analysis and offers insightful recommendations by IDC’s security experts for how Canadian organizations can minimize risks and improve their cybersecurity defences and responses.