The alarm bell tolls for an awakening that is occurring across Canada that affects all of us, including our local small businesses, our medium & large companies and our biggest enterprise organizations. An awakening that has created a new dawn that shines a bright light on a cybersecurity movement that is happening throughout the country. Like any important movement through our history, there is a tipping point that happens when meaningful and sustained momentum is achieved.
According to the results of the 2019 Scalar Security Study, that tipping point appears to have occurred over the last year. Astonishingly, of the study’s sample size of over 400 participants across organizations of all sizes, 100% of the IT industry respondents reported experiencing a cybersecurity attack over the last 12 months. And those attacks are becoming both more successful, increasing a full percentage point in the last year, as well as more costly, with the financial damage incurred by an organization effected increasing by more than $1,000,000.
As the Scalar research illustrates, in spite of this new awakening, just over 10% of the study respondents indicated that they have a “high” degree of confidence in their organization’s ability to prevent cybersecurity breaches from happening. Fortunately, however, that confidence can increase dramatically if Canadian organizations adopt a disciplined framework for a modern, effective cybersecurity strategy. The National Institute of Standards and Technology (NIST) and other thought leaders throughout the industry have developed a thorough approach to cybersecurity hygiene for companies to follow. Common across the NIST approach and other available cybersecurity frameworks is a combination of steps to provide threat defence as well as response and recovery strategies. The fundamentals included in these plans provide objectives intended to support a more resilient approach to cybersecurity risk. Given the new normal we are experiencing in Canada, this type of discipline is exactly what is required to protect ourselves from the continuing onslaught of cyber attacks.
Adding to the crisis of confidence is the ever-increasing noise generated from the volume of security alerts across a fragmented network of cyber security products. The result is that our already thin IT teams are chasing alarms in an endless race against the clock. Detection and response times are elongated and the time to recover (TTR) from an attack is increasing. The Scalar report shows that organizations that have a defined methodology for tuning their network by increasing the fidelity of the noise, and a detailed cyber response plan save approximately 20% more time improving their TTR.
Compounding the security challenge is a global environment of advanced government regulation to protect the privacy of our citizens and the confidentiality of our information. From GDPR across the European Union to PIPEDA in Canada, combined with already strict rules around HIPAA and SOX, new legislation has been enacted this past year that compels organizations to improve the protection of data security and personally identifiable information, the exact targets for the cyber criminal. With an expanding attack surface and ambiguous controls, the challenge is greater than at any time before.
Like the report from last year, this year’s 2019 Scalar Security Study demonstrates that there is a strong conviction that better security controls can help to provide cyber resilience for Canadian organizations. Working closely with Scalar, Cisco Systems Inc. is uniquely positioned to help support organizations to build the framework for an integrated cybersecurity infrastructure required for a modern and effective strategy. The architectural approach to cybersecurity available from Scalar and Cisco provides a comprehensive Cloud to Core solution, including protection through to the network and to the endpoint. Cisco is the only company that has a complete cyber security portfolio that is supported by the world’s largest non-governmental threat intelligence organization (Cisco Talos). Combined with active defences, including threat hunting, security intelligence and incident response, the Cisco integrated cybersecurity platform will continue to drive the momentum’s strength as we work to provide all organizations across Canada with the confidence required to improve our position in this continuing fight.