3 Ways Canadian Organizations Can Solve Their Biggest Cybersecurity Challenges

Our 2024 Canadian Cybersecurity Study reported three major cybersecurity challenges that concern Canadian organizations. In this blog, we uncover the key insights, strategies and cybersecurity technologies that can help address these challenges.

CDW Expert

The threats posed by sophisticated cyberattacks and adversarial AI have brought new challenges to Canadian organizations. Consequently, IT leaders across Canada are looking for effective ways to strengthen their security defences.

To achieve this, they need a firm grasp on the evolving threat landscape in Canada so that they can gauge risks and devise more appropriate strategies. Our 2024 Canadian Cybersecurity Study provides the necessary insights that can help security professionals navigate complex security initiatives with confidence.

Three major challenges mentioned in the study were around security in the cloud, zero-trust implementation and threat detection. In this blog, we will discuss how these challenges impact Canadian organizations and some of the key technologies that can help overcome them.

How the threat landscape has changed

Higher infection rates

The latest Canadian Cybersecurity Study compares data with previous years’ studies in order to depict the evolution of threats. In 2024, a growing number of Canadian organizations reported that they suffered security incidents in the last 12 months. The proportion of cyberattacks that became cyberincidents jumped from 7-8 percent in 2023 to 9-10 percent in 2024, signalling a higher infection rate.

DoS attacks on the rise

When it comes to the type of cyberattacks, smaller organizations saw a sharp increase in denial of service (DoS) attacks, rising from 34 percent to 46 percent in a year. They also reported a sharp increase in downtime due to DoS attacks, at 18 days in 2024 compared with 12 days in 2023.

Elevated attack surface

As more laptops, PCs, servers and IoT devices have entered the environment, risk has risen with them. The growth in endpoint devices, among other IT components, has contributed to an expanded attack surface.

Risks of adversarial AI

While a majority of organizations believe in AI’s potential for improving cyberdefence, concerns about its use by attackers are also quite high. For instance, 58.4 percent of organizations perceive that AI could be used to automate the process of discovering and exploiting vulnerabilities.

3 ways Canadian organizations can solve their biggest cybersecurity challenges

Here we explore some of the biggest security challenges in front of Canadian organizations, with statistical evidence and recommendations for potential resolutions.

1. Reinforce cloud reliability with data recovery and DSPM

The public cloud is recognized for its massive scalability, high availability and comparatively lower CAPEX. Due to these benefits, several organizations saw it as a viable option during the pandemic when digitization was a top priority.

But soon, cyberattackers caught wind of this move towards the public cloud and began exploiting gaps in the cloud’s shared responsibility model. Canadian organizations have indicated that public cloud environments had the biggest share of IT components impacted by a cyberattack, up from 43.5 percent in 2022 to 56.7 percent in 2024.

Key public cloud concerns

  • Organizations have become wary of public cloud services, with 73.8 percent of respondents concerned about data security.
  • Public cloud adoption has taken a hit, preventing organizations from utilizing the many benefits it has to offer.
  • One in three Canadian organizations believe they have been short-changed on the promise of security in the cloud.

As studies suggest, data stored in public cloud is often seen as a key risk. To help combat this risk, our cybersecurity partner Rubrik offers cyber recovery and DSPM solutions.

Rubrik Cyber Recovery

Rubrik Cyber Recovery is designed to enhance an organization’s ability to recover from cyberattacks and improve its overall cloud security posture. It enables organizations to conduct forensic investigations in isolated data recovery environments. Rubrik also has a dedicated Ransomware Response team available 24/7/365 to help customers recover in case of a cyberevent, at no additional cost. To date, they have helped over 170 customers recover without data loss, and 97 percent of them have recovered quickly enough to avoid the incident becoming public.

The solution comes with the following benefits:

  • Testing and validation: Organizations can create, test and validate their recovery playbooks to meet recovery SLAs.
  • Isolated investigations: Facilitates post-attack forensic investigations in isolated environments, separate from production.
  • Malware-free recovery: Ensures that snapshots are free of malware before restoring them to production.

DSPM Everywhere

Rubrik’s data security posture management (DSPM) solution helps organizations identify threats with enhanced risk assessment, policy enforcement and continuous monitoring for sensitive data across public clouds. It adds value with the following features:

  • Autonomous discovery: Discovers, classifies and catalogues all known and shadow data across public cloud environments, enabling organizations to have a comprehensive view of their data landscape.
  • Risk prioritization: Prioritizes data based on sensitivity, security posture, volume and exposure, helping organizations focus on protecting their most critical data assets.
  • Policy enforcement: Assesses the security posture of sensitive data against pre-built policies, alerts on violations and offers actionable remediation guidelines.

2. Address zero-trust security implementation gaps

Zero-trust security is a modern approach to security that is particularly beneficial for organizations that have invested in cloud services to support hybrid work, employee mobility and business innovation.

However, the study highlighted that zero-trust access (ZTA) is being given a higher priority without accounting for the supporting technologies it depends on. Only 46.1 percent of organizations report implementing multifactor authentication for mission-critical applications, and about one-third (33.8 percent) of organizations have unified directories for identity management in place.

Key zero-trust concerns

  • Incomplete adoption of zero-trust technologies leaves organizations vulnerable to cyberattacks.
  • Prioritizing ZTA alone often leads to a false sense of security, which may result in security expectations being unmet.
  • The complexity of zero-trust adoption may hinder industry-wide adoption.

To improve the adoption of zero-trust technologies, solutions from our partners at Cisco offer a comprehensive set of advantages across users, devices, networks, clouds and apps.

Cisco’s zero-trust solutions

  • Duo: Provides a multifactor authentication (MFA) solution that ensures secure access by verifying user identities through multiple factors (such as passwords, biometrics or hardware tokens). Establishes trust by continuously validating access attempts, protecting applications regardless of their location.
  • Secure Endpoint: Protects endpoints (such as laptops, desktops and servers) from threats like malware, ransomware and phishing attacks. Ensures that only trusted devices can access Duo-protected applications, blocking compromised endpoints from accessing critical resources.
  • Secure Email: Enhances email security by preventing phishing, malware and data leaks. Enhances zero-trust security by verifying user identities and continuously monitoring email traffic.
  • Identity Services Engine: Plays a foundational role in zero trust by making contextual access decisions and enforcing policies. Ensures that only trusted users and devices access resources, enhancing security across the network.
  • Secure Firewall: Contributes to zero trust by segmenting networks, unifying policies and accelerating threat detection and response. Ensures that access is based on trust, not assumed privilege.

3. Implement enhanced threat detection and response

In a landscape where endpoint risk exposure has increased and sophisticated cyberattacks continue to grow, threat prevention and zero-trust access alone may fall short.

The lack of prioritization of threat detection and response might be a gaping hole in security strategies. The study revealed that less than one-third of organizations have a policy that mandates security monitoring for threat detection.

Declining adoption of threat detection technologies such as SIEM, XDR and SOAR has also been observed, down from 43.9 percent in 2023 to 39.8 percent in 2024.

Key threat detection and response concerns

  • A focus on ZTA without threat detection and response can lead to a false sense of security.
  • In the long term, this can affect security objectives such as maintaining a secure environment, protecting sensitive data and ensuring business continuity.
  • Lack of adequate threat detection capabilities increases the risk of sophisticated phishing attacks or insider threats that can bypass prevailing defences.

Organizations can help close their security gaps by leveraging enhanced threat detection and response capabilities from our partners at Microsoft.

Microsoft’s threat detection and response solutions

Microsoft Sentinel

Sentinel is a scalable, cloud-native security information and event management (SIEM) solution that comes with an intelligent and comprehensive platform for security orchestration, automation and response (SOAR). It can identify malicious activities and qualify them as threats by monitoring datapoints across cloud apps, servers and devices.

Microsoft Sentinel’s key capabilities include:

  • Cyberthreat detection: Detects threats across your enterprise by analyzing security data.
  • Investigation and response: Allows you to investigate incidents and respond effectively.
  • Proactive hunting: Provides a bird’s-eye view of your organization’s security landscape.
  • Integration with Azure services: Natively incorporates Azure services like Log Analytics and Logic Apps.
  • AI-enhanced detection: Enriches investigations with AI and supports both Microsoft’s threat intelligence and custom threat intelligence.

Microsoft Defender for Endpoint

Microsoft Defender for Endpoint is a cloud-powered endpoint security solution designed to secure against a wide range of threats on various platforms. It monitors for threats emerging within user laptops, smartphones, IoT devices, etc. and deploys response measures to prevent cyberincidents.

Microsoft Defender’s key capabilities include:

  • Anti-malware: Detects and prevents malware infections.
  • Cyberattack surface reduction: Minimizes vulnerabilities by providing insights into your attack surface.
  • Conditional access: Enforces access controls based on device health.
  • Endpoint detection and response (EDR): Investigates and responds to advanced threats.

Strengthen your security posture with CDW’s cybersecurity services

CDW Canada’s security operations centre (SOC) offers key cybersecurity services to strengthen organizational defences against cyberattacks and implement partner security solutions. Our proven expertise in solutions offered by partners including Cisco, Rubrik and Microsoft simplifies adoption for our customers, enabling them to experience the full benefits of their security investments.

Microsoft Security managed services

We recently launched two Microsoft Security managed services in light of increasingly sophisticated cyberattacks: MDR for Defender XDR and MDR for Sentinel. By aligning with the NIST Cybersecurity Framework and leveraging a risk-based security approach, our managed services help organizations prepare for, defend against and respond to cyberthreats.

Key features

24/7/365 managed detection and response

Our managed detection and response (MDR) services operate around the clock, ensuring continuous monitoring of networks, endpoints and cloud environments. Our robust MDR capabilities enable advanced threat detection through automated event correlation, resulting in swift incident qualification, response and containment. With 24/7/365 threat monitoring, triage, investigation and security incident remediation, we provide comprehensive protection against cyberthreats.

Advanced threat detection and response capabilities powered by Microsoft Defender XDR and Sentinel

Our MDR services for Microsoft Defender XDR and Sentinel leverage the comprehensive threat detection and response capabilities of Microsoft’s Defender XDR and Sentinel platforms. Microsoft Defender XDR and Sentinel provide a robust extended detection and response (XDR) system designed to protect against cyberthreats across hybrid environments.

Defender XDR integrates security data from endpoints, identities and applications to offer incident-level visibility and employs AI to automate threat disruption. It operates continuously, leveraging Microsoft’s extensive threat intelligence to block high-fidelity threats.

Sentinel extends these capabilities, collecting data across users, devices, networks, on-premises infrastructure and the cloud. It uses analytics and threat intelligence for real-time detection, minimizing false positives, and orchestrates automated responses to incidents. Together, these platforms ensure comprehensive visibility and proactive defence against cyberthreats.

All-Canadian security and network operations centres

All data remains in your instance of Microsoft Defender and Sentinel and our all-Canadian SOC and network operations centre (NOC) ensure your data is always accessed from within Canada.