More Canadian firms doing penetration tests: Survey

Share post:

More Canadian organizations than ever are using penetration testing to improve their security posture.

According to a recent survey by IT solutions provider CDW Canada, 56 per cent of responding firms said they have performed a penetration test in the last 12 months. That’s a 40 percent increase compared to the response in 2022, the company said.

The survey also found that 44 per cent of respondents whose firms do penetration tests said they use both internal employees and third-party testers to do this work and/or comprehensive security assessments.

The findings are part of a survey of 500 IT professionals at organizations with at least 20 employees, conducted in March for CDW Canada, which offers penetration testing services.

The survey was validation that adoption, and the sense of the value of penetration testing among Canadian organizations is increasing, Julius Azarcon, CDW Canada’s vice-president of professional and managed services, said in an interview.

“We believe that penetration testing is an important aspect of any organization’s preventative cybersecurity measures,” he said.

Related content: Only do penetration tests if your security program is up to it

Despite an overall increase in the implementation of penetration testing, Canadian organizations continue to see a rise in security breaches each year, a report based on the survey results said. The most common types of security breaches experienced in the past year were ransomware attacks (34 per cent), business email compromises (34 per cent), and phishing attacks (33 per cent).

A penetration test should be done either once a year, or whenever there are significant changes to an organization’s technology environment and infrastructure, Azarcon said.

There is a wide range of penetration tests, from focused, ‘We only want to test one security control,’ to no-holds-barred attacks where tricking employees with phishing messages is fair game.

Related content: 8 penetration test tips

Arguably the toughest tests in Canada have been mandated by the country’s financial regulator, which last month approved a testing framework that the biggest banks and insurers have to meet once every three years. Rather than trust an institution’s internal IT staff to do a test, an external cybersecurity firm has to be hired to design the test. This firm may do the attack, or an outside firm will perform it. The institution is expected to do its own penetration tests as well.

The post More Canadian firms doing penetration tests: Survey first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

SUBSCRIBE NOW

Related articles

Hackers Plant False Memories in ChatGPT to Steal User Data

A security researcher has uncovered a vulnerability in ChatGPT that could allow hackers to store false information and...

“Octo2” Trojan Targets Bank Accounts by Posing as VPN or Chrome Apps on Android

A new malware variant called “Octo2” is spreading across Android devices by posing as popular apps like NordVPN...

Evilginx – Open source tool can bypass Multi-Factor Authentication (MFA)

Security vendor Abnormal Security is reporting a new cybersecurity tool that is gaining traction among cybercriminals. The tool,...

Kaspersky’s exit from US market frightens some customers

Kaspersky, the Russian cybersecurity firm, has unexpectedly removed its antivirus software from U.S. customers' computers, replacing it with...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways