Addressing Canada’s Cybersecurity Readiness Gap | TheFutureEconomy.ca

Addressing Canada’s Cybersecurity Readiness Gap

CybersecurityTech
Photo by BusinessPortraits.ca at https://businessportraits.ca/
Farhaz Thobani
President
Kyndryl Canada
Published on

According to the Canadian Centre for Cyber Security’s latest threat assessment, Canada is facing an unprecedented rise in cyber threats, putting both our national security and economic prosperity at risk.

This alarming trend is underscored by Kyndryl research that shows 70% of large Canadian organizations are concerned that their IT infrastructure isn’t ready to handle cyberattack-related risks. 

As the global threat landscape evolves in real-time with new threats like AI-driven attacks and the increasing frequency of ransomware, it’s no longer a matter of if, but when organizations will be compromised. 

The urgency to bolster our cyber defences has never been more critical. 

Why Aren’t Canadian Organizations Ready?

Computer scientists in server hub workspace frightened by hacker passing firewall and stealing data. Security breach notification on monitor in data center surprising IT specialists

Put simply, Canadian IT infrastructure is quickly becoming outdated, and our business leaders know it. Nearly half say they are concerned their IT is outdated or close to the end of its lifecycle. They are anxious about this, as they know that growing tech debt increases their vulnerabilities to cyberattacks and makes leveraging new technology more difficult. And they are not alone. According to our Kyndryl Bridge data, 44% of servers, networks and systems around the world are aging past their expected life, validating this acute concern. 

“44% of servers, networks and systems around the world are aging past their expected life.”

So, what’s getting in the way of keeping tech modernized? Capital is an obvious answer and most likely a key obstacle, however, our research and our experience also show that efforts are hindered by complexity and prioritization paralysis. Complexity is cited by leaders as the top challenge impeding their modernization goals, as they struggle with compatibility, long-term costs, rising cyber threats and technical debt.

We also found that conflicting priorities (like prioritizing short-term gains vs. long-term benefits, innovation vs. risk, and cost vs. function) and diverse organizational needs add to this complexity as leaders try to run their businesses and modernize simultaneously.

Leaders want to get ready; they know modern IT is the best way to mitigate risk, yet most remain in the beginning stages of their modernization journey. 

“We’re facing a worsening skills gap in the country across all facets of IT—from legacy technologies like mainframe systems to cybersecurity to AI.”

And the challenge extends beyond technology. We’re facing a worsening skills gap in the country across all facets of IT—from legacy technologies like mainframe systems to cybersecurity to AI. More than half of the leaders we surveyed are concerned about this and we’re hearing from our customers that it is becoming increasingly difficult for them to find candidates with the skills and expertise they need. 

Bridging the Cyber Readiness Gap

Above view of concentrated Asian IT engineer typing on laptop while connecting it to server in dark neon room

To bridge the gap, business leaders can adopt several key strategies and practices. This list is far from exhaustive, but it covers some of the more immediate actions required.

1. Modernize infrastructure

The first and most critical step needed to uplift Canada’s IT readiness is for Canadian organizations to modernize legacy infrastructure. Overreliance on outdated infrastructure, especially estates that are no longer supported by vendors, will undercut any readiness efforts.

“Companies can also work on proximate goals, such as actively monitoring infrastructure to determine what is no longer supported and what is at the end of its support life, as well as immediately applying any critical patches released for unsupported infrastructure.”

While the end goal should be modernizing all infrastructure, companies can also work on proximate goals, such as actively monitoring infrastructure to determine what is no longer supported and what is at the end of its support life, as well as immediately applying any critical patches released for unsupported infrastructure. However, a longer-term roadmap for modernizing aging systems is ultimately required.

2. Adopt a cyber resiliency mindset

Organizations must also embrace a new mindset. Within most organizations, the predominant focus has been on securing, defending and protecting systems against threats. However, given the rapidly increasing sophistication, frequency, and volume of attacks most organizations face on a routine basis, a security-only mindset is insufficient. We must focus on assuring organizational resilience—the capacity to react to incoming threats and recover from inevitable disruptions. 

3. Define your minimum viable company

Minimum viable company means defining the most critical business layer of an organization’s operability by determining which services, functions, and data must be accessible to maintain operational viability in the crucial hours after an incident. It’s critical to first have an understanding of this in order to put the right resiliency plan into action within your organization to be able to respond or recover accordingly. 

“Leaders who nurture a skilled workforce are more likely to feel ready for future risks, so investing in talent development, particularly in cybersecurity and AI, is crucial.”

4. Develop your workforce

Another important piece to this is workforce development—building a culture of continuous learning and upskilling in cybersecurity and IT. This also helps bridge the skills gap by providing educational resources and training programs to develop these skills internally. Leaders who nurture a skilled workforce are more likely to feel ready for future risks, so investing in talent development, particularly in cybersecurity and AI, is crucial. 

5. Share information and collaborate

Information sharing and collaboration remain fundamental components in the advancement of public and private cyber resilience. Cyber threats continue to evolve as organizations discover new ways to counteract them. Collaboration among the private sector, academia and government will help all prepare for emerging threats. The Canadian Centre for Cyber Security is a great resource, along with industry associations.

6. Get ahead of regulations

Adding to the urgency for action are emerging cyber regulations here in Canada and around the world. Leaders should proactively work to get ahead of new regulations to improve their overall security posture to avoid severe financial penalties and reputational damage. 

“Organizations that make cybersecurity resiliency a priority are realizing clear benefits that extend beyond cyber readiness, including improved efficiency, greater innovation and an improved employee and customer experience.”

Taking Action

All of this may seem daunting and there is a lot at stake. But the good news is that organizations that make cybersecurity resiliency a priority are realizing clear benefits that extend beyond cyber readiness, including improved efficiency, greater innovation and an improved employee and customer experience. 

Importantly, organizations don’t have to go it alone. Leaders don’t have to choose between operating their IT and watching for cyber threats today and modernizing and transforming for tomorrow. Kyndryl can help them achieve both at the same time – doubling the impact they have on their organizations while ensuring they are ready for whatever risks come their way.

See the Full Series
We use cookies to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies. Learn more about our cookies.