In his interview with CanadianSME Small Business Magazine, Ivo Wiens, Field Chief Technology Officer, Cybersecurity at CDW Canada, shed light on the evolving cybersecurity landscape. He emphasized the crucial role of timely threat detection and response, addressing the challenges brought by the COVID-19-induced digital transformation. Wiens stressed the need for organizations to adopt automation tools while defining clear orchestration processes. He highlighted the risks associated with delayed detection, including customer trust erosion and increased recovery costs. To bolster defenses, Wiens advised integrating security into cloud migration, implementing a zero-trust approach, and partnering with third-party cybersecurity experts to proactively address evolving threats.
Ivo Wiens is the Field Chief Technology Officer, Cybersecurity at CDW Canada. In this role, Ivo helps set the strategy for the CDW organization, including partnerships with vendors and the development of services to best protect the Canadian market.
Ivo believes that organizations are best served when information security goals are aligned with the goals of the business, and that CDW is constantly striving to bridge the gap between these two areas.
Ivo has worked in the security industry across Canada for the last 17 years, with experience in professional services (technical/risk/compliance), managed security services and technical solutions.
Ivo is a SABSA certified architect and has held a CISSP for over 12 years.
As the Field CTO for Cybersecurity at CDW Canada, could you provide an overview of your primary roles and responsibilities, and how they cater to the dynamic challenges businesses encounter in today’s cybersecurity landscape?
It is my job to ensure that CDW Canada customers are operating in a way that maintains the security of their sensitive employee, client and financial data. This means advising on and implementing technologies and best practices from the top of organizations, down to each employee.
As we know, COVID-19 changed how many businesses fundamentally operate and cyberthreats changed along with them. During this rapid digital transformation, employers had to quickly pivot to provide employees with a functional digital workspace. This forced a rapid and often rushed cloud migration strategy where moving business processes to the cloud came first and security to protect these processes came later.
With these new digital offerings came a larger attack surface due to the increased use of personal devices and unsecured cloud workloads. The cybercriminals of today are increasingly sophisticated and have taken advantage of hybrid work models.
CDW Canada’s 2023 Cybersecurity Study highlights that nearly 29% of Canadian organizations take over a week to detect a cybersecurity incident. What do you believe are the main reasons behind such prolonged detection times, and what proactive measures can be put in place to address this?
This was one of our most eye-opening findings as it speaks to the reality of how Canadian organizations manage cyberthreats.
Further to that statistic, the study found that the mean time to respond to a threat is 14 days. Paired with a mean recovery time of 25 days, the total time needed by Canadian organizations for incident management was an astounding 48 days. This offers attackers over a month and a half to easily access valuable enterprise resources and sensitive data, giving them more context for attacks and the ability to extract important information from your organization.
The consequences of these situations are very serious. While delays in detection and response have the potential to negatively affect customer trust and invite regulatory fines, working proactively to improve threat detection and response can be difficult. This can especially be true for small and medium-sized organizations that don’t have the time and resources to build a robust cybersecurity posture.
The most effective first steps are for organizations to continue to educate their employees on how to identify and avoid suspicious communications and to make sure that devices (servers, laptops or mobile devices) are regularly patched.
The best means of improving threat detection and response is partnering with a third-party IT provider. It is their job to monitor your network with an expert eye, dealing with cyberthreats as they occur, allowing you to focus on running your business.
Modern threat detection tools like security orchestration, automation and response, and threat intelligence offer promising solutions. Why do you think there’s a hesitancy among organizations in adopting these tools, despite their evident advantages?
Automation is going to be key for the future of cybersecurity, not only to fill the resource gaps but also to keep up with the rate of growth in attack sophistication. However, organizations have not yet made the jump to automation because true automation doesn’t work without first spending time to define true orchestration from a technology and process perspective.
Organizations need to first stop relying on manual processes, which make them dependent on the “security heroes” of their team to do all the work. Then, employ frameworks such as the MITRE ATT&CK framework to facilitate continuous asset monitoring and threat detection.
With 62% of Canadian organizations still depending on manual security processes, how do these manual interventions exacerbate the delay in threat detection, and how can organizations transition more effectively to automated systems?
The reality is that a lot of Canadian organizations are still relying on a number of teams and systems that are not fully integrated, and this manual work takes longer as it uses antiquated methods of communication that could (in most cases) be scripted.
So, if a security breach occurs, whoever is responsible for network security must first identify the breach and then figure out how to fix it. This leaves an opening for delayed detection and response if an internal IT team is small and under-resourced. Automated processes allow IT teams to focus on the bigger picture.
The first step in transitioning to automated systems is taking stock of your processes, technologies and creating a strategic plan for security modernization. With a forward-looking vision in mind, organizations can see quantifiable improvements to their day-to-day processes.
For organizations that don’t have the internal resources to see this process through, partnering with a third-party IT provider like CDW Canada is the best way to plan for and implement automated systems. We work with organizations to develop a roadmap for maturing security solutions and, from there, oversee the development and maintenance of these automated systems. This ensures they are up to date and aligned with the ever-changing threat landscape.
Considering the rising success rates of cyberattacks, how do you perceive the correlation between delayed detection and the amplified risks, such as eroding customer trust and surging recovery expenses?
Poor threat detection and response time leads to greater risk and costly recovery solutions. This exposes organizations to four primary areas of risk: detailed reconnaissance, reinfection, evidence tampering and recovery backlog.
The more time an attacker has in an organization’s network, the more time they have to conduct detailed reconnaissance. This means locating sensitive employee, customer and financial information as well as making lateral moves throughout an organization’s network.
When it comes to reinfection, with enough time on their side, attackers will find ways to create easy pathways for re-entry.
One of the most serious outcomes of slow response time is evidence tampering. This is when attackers remove evidence, which makes efficient recovery even more difficult.
Ultimately, slow detection and response creates a waterfall effect for resolution. A slow response results in a slower recovery and ultimately more backlogs that organizations must face. This causes significant increases in costs to mitigate and fix issues.
Another impact on cost is user experience. From a customer point of view, if an organization’s website or payments system is slow or non-functioning, they will naturally turn to an alternative provider. This can be detrimental to small and medium-sized organizations that don’t have the internal IT resources to keep up with enterprise organizations. Additionally, if news of a security breach that jeopardizes customer financial information goes live, customers may lose faith in an organization entirely.
Based on your extensive experience in cybersecurity, what advice would you offer to Canadian organizations looking to bolster their defence mechanisms against these increasingly successful cyberattacks?
My top three tips for Canadian organizations looking to bolster their defence mechanisms against cyberattacks are:
- Integrating security as a key component of the organization’s cloud migration strategy. Most of the critical information for Canadian organizations is currently housed in the cloud. Because of this, it is essential to convey the potential risks associated with these assets in a manner that is clear to key stakeholders. This involves articulating these risks clearly and concisely throughout the organization while selecting appropriate controls to safeguard this valuable data. Also, in light of the persistent trend toward hybrid work environments, it is evident that cloud migration is an ongoing process, necessitating the integration of security as a foundational aspect of the plan.
- Implementing a zero-trust approach within the organization at all levels. Everyone from executive leadership down to junior employees must acknowledge that cyberthreats exist both inside and outside their network, meaning that users, devices and network components cannot be blindly trusted. Zero-trust security architectures should be able to prevent, detect and contain security incidents effectively.
- Partnering with third-party cybersecurity solutions providers is a surefire way to ensure IT environments remain secure. IT experts intimately understand the threat landscape and work with organizations to develop proactive and reactive plans to meet security threats, no matter how sophisticated they get.