    Cyber Security Awareness Month: 2020 Cyber Resilience Survey Overview

    October 14, 2020

    In May 2020, Celero hosted a Celero Protex™ Managed SIEM Services Webinar to discuss why Canadian credit unions should focus on security, to define Celero’s Managed SIEM offering and to outline Celero’s security roadmap. The webinar featured Theo Van Wyk, Head of Solution Development & Cyber Security, CDW Canada, who spoke about the results of CDW’s 2020 Security Study: Cyber Resilience. During the webinar, Theo provided insight into cyber security trends and findings from the past year. As part of Cyber Security Awareness Month, we are going to look back on that webinar and the cyber security insights that Theo spoke about.

    Methodology

    On behalf of CDW, International Data Corporation (IDC) Canada conducted CDW’s sixth annual security study over the course of October-November 2019. Stakeholders from 2000 organizations were surveyed with strict criteria to provide insight into these Canadian organizations and to further the understanding of industry trends. According to Theo, the study has become highly anticipated, with many clients asking for a process version of the data.

    With 524 respondents, the organizations surveyed were comprised of small businesses (15-249 employees) with 20.99% participation, medium/large businesses (250-4999 employees) with 50% participation and enterprise businesses (5000+ employees) with 29.01% participation. To ensure the data was representative of Canada, respondent businesses were headquartered all across the country, with 20.04% from Western and Central Canada (BC, AB, SK, MB), 38.55% from Ontario, 24.05% from Quebec, 14.05% from Atlantic Canada (NB, NS, NFLD, PEI) and 2.86% not headquartered in Canada but with significant business in Canada.

    2020 Study Concepts

    The theme of this study was to uncover the difference between cyber security and resilience. Cyber security is the more common term in this space, but it can create limitations and often consists of preventative measures. Resilience encompasses the concept that you cannot recover and continue with business. The incident types mentioned in the study are denial of service, infiltration and exfiltration. Denial of service does not have to be a breach but does cause an impact. Infiltration is a breach of your security defenses that makes it into the network but does not impact PII or sensitive corporate data (e.g. ransomware). Exfiltration is a breach that impacts data, and you will have to disclose what data has been lost to governing bodies.

    Cyber Security Numbers Across Canada

    All 524 respondents in the survey indicated that they were attacked in the last 12 months. Additionally, attack success rates continue to rise. The statistics below aren’t meant to be frightening but rather to indicate the severity and necessity of a robust security posture as cyber threats impact every business no matter their size.

    | Events | Instances Nationwide |
    | --- | --- |
    | Attacks (known) | 119,000,000 |
    | Exfiltration | 3,700,000 |
    | Infiltration | 1,900,000 |
    | Denial of Service | 1,700,000 |

    The Cost of Poor Cyber Security Planning

    Similarly, the survey results show the prevalence of incidents and the threat to an organization that does not have a cyber security plan in place. The costs mentioned below are linked to days of downtime caused by incidents. The average cost can be very daunting, but the cost per employee is around $2000, so it is all relative to the size of the organization.

    | Incidents | Downtime Associated with Incident Over a Year | Average Cost Associated with Incident | Change in Average Cost YoY |
    | --- | --- | --- | --- |
    | Exfiltration | 17.1 days | $5,700,000/organization | +15.8% |
    | Infiltration | 18.3 days | $6,700,000/organization | +31.3% |
    | Denial of Service | 24.0 days | $8,400,000/organization | +19.1% |

    CDW Recommendations

    1. Integrate cyber security and enterprise risk management strategies. Integrated and centralized cyber risk and ERM strategies reduce the number of cyber security incidents organizations experience.
    2. Closely review your third-party partner ecosystem. More than four in five Canadian organizations experienced a breach due to the poor security hygiene of a partner. Conduct formal threat risk assessments when possible and use questionnaires to monitor the ongoing security posture of partners.
    3. Adopt AI/ML cyber security tools. Adopting AI/ML tools can be challenging but proper planning will improve project outcomes. It’s important to understand your processes and response strategy to be able to orchestrate them before trying to automate them.
    4. Be aware of who and what is on your network. Gaining visibility across your entire network is key to properly understanding vulnerabilities, assessing the business impact if a vulnerability is exploited, and calculating risk. The increase in remote workers makes this more important than ever.
    5. Ensure you can return to a trusted state after an incident. Four out of five organizations that were affected by ransomware suffered a repeat infection from the same ransomware after recovering. Proper incident response and recovery planning will reduce this probability and improve resilience.

    Contact us to learn more about the Celero Protex Managed SIEM or to sign up.

     
