July 3, 2025
7 Security Challenges Canadian IT Teams Must Overcome to Combat Cyberattacks
For Canadian organizations, cybersecurity preparedness is foundational to modernizing IT operations. As they seek to benefit from innovations such as AI, hybrid multicloud and remote work, they must also focus on countering the added security risks.
The 2025 CDW Canadian Cybersecurity Study highlighted key transitions in security strategies across more than 700 Canadian organizations. This includes several security gaps that can make organizations vulnerable to targeted cyberattacks and present challenges in implementing the latest technologies.
Such gaps not only increase business and financial risks but also make it harder to fully realize technology benefits. That’s why Canadian organizations need solutions that can enable them to securely advance their digital initiatives.
In this blog, we cover seven areas of concern for IT teams alongside key solutions from our technology partners. From securing cloud environments to enabling zero-trust access, we unpack how IT teams can overcome these cybersecurity challenges in their organizations.
Key cybersecurity trends across Canadian organizations
The 2025 Canadian Cybersecurity Study shed light on major trends that are impacting organizations across the country. Here are three of them:
The cyberattack surface is expanding
The study observed significant growth in IT devices across Canadian organizations. For instance, the number of client computing devices grew by 1.7 times on average for small and medium organizations between 2024 and 2025.
This matters because as organizations adopt new technologies and scale their operations, the size and complexity of their attack surfaces continue to grow. This also poses significant challenges for security teams in effectively managing and securing these environments.
Despite fewer cyberattacks, cyberincidents continue to rise
For the second consecutive year, Canadian organizations have reported a decline in the total number of cyberattacks year-over-year. However, despite this reduction in overall attack numbers, infection rates remain high, with 86.5 percent of respondents in 2025 indicating a security incident in the past 12 months.
Downtime per incident is trending upwards
The study showed that downtime per incident continues to grow, particularly for breaches and cloud incidents. This trend underscores the increasing complexity of incident resolution and a pervasive lack of resilience in IT systems.
Specifically, cloud downtime per incident has risen by 23 percent year-over-year. This increase has particularly affected the government (up 41 percent) and healthcare (up 38 percent) sectors.
7 security challenges IT teams must overcome
Based on the findings of our study, here are seven security gaps that modern IT teams often face within their security operations.
1. Cloud risk identification and misconfigurations
CDW’s Canadian Cybersecurity Study revealed a significant gap in cloud security testing; only 45.6 percent of Canadian organizations use cloud-specific security testing tools and methodologies tailored to their environments.
At the same time, 27.6 percent continue to apply the same testing methods used for on-premises systems and 21.4 percent rely solely on cloud service providers' built-in security testing tools.
Due to this lack of cloud-specific testing, IT teams may misinterpret their cloud security posture and miss critical security gaps. They need a testing approach that takes cloud assets into account and offers more robust risk identification.
Our partners at Tenable offer solutions for comprehensively monitoring cloud risks. As a cloud-native application protection platform (CNAPP), Tenable empowers security and DevSecOps teams to continuously assess and prioritize cloud risks.
It actively monitors human and service identities, network configuration, data and compute resources for security gaps. With its help, IT teams can minimize the attack surface and the potential damage from a breach.
By moving beyond inconsistent practices to well-established processes, Tenable helps organizations transition from foundational protection to operational resilience.
Key features of the Tenable cloud platform
- Provides multicloud visibility for a 360-degree view of all cloud resources, including infrastructure, identities and workloads.
- Reduces alert noise by finding toxic combinations of issues and applying full-stack analysis to surface risk in context.
- Facilitates automated remediation efforts when anomalies or misconfigurations are detected.
2. Increased downtime due to cyberattacks and ransomware
In a ransomware event, organizations often find themselves stuck in long periods of downtime before they can restore operations. The Canadian Cybersecurity Study found that cloud downtime per incident was up by 23 percent in 2025.
This rise in cloud downtime shows that many organizations can’t bounce back quickly from cloud-related attacks, leading to extended disruptions and potential data loss. The inability to test cyber recovery plans effectively also contributes to operational uncertainty during a crisis.
Our partners at Rubrik offer a suite of solutions that can protect against ransomware. Their products offer data immutability and comprehensive cyber readiness for ransomware attack scenarios, enabling organizations to catch threats in time.
Rubrik utilizes machine learning to proactively detect and investigate ransomware by identifying suspicious deletions, modifications and encryptions. It also alerts for unusual access patterns, identifies ransomware strains and helps assess attack impact.
Key features of Rubrik’s data protection solution
- Threat monitoring: Scans backups for the latest indicators of compromise (IoCs) using intelligence from Google Mandiant and Rubrik Zero Labs.
- Threat hunting: Allows organizations to prevent malware reinfection by analysing data history for IoCs to pinpoint the initial point, scope and time of infection.
- Threat containment: Enables quarantining of infected snapshots or individual files to reduce the risk of reintroducing malware during recovery operations.
3. Data protection challenges in cloud environments
As per the Canadian Cybersecurity Study, 60.5 percent of respondents reported their public cloud environments were impacted by a cyberincident. This makes cloud environments one of the most impacted IT components, signaling the need for improved data protection in environments where the cloud is used alongside other systems.
Cloud systems are usually difficult to protect due to the shared responsibility model, where an organization doesn’t fully control the security perimeter. This makes it challenging for IT teams that have cloud workloads to build data resilience.
Our technology partners at Veeam offer cloud-specific data protection that simplifies how organizations leverage the cloud. Veeam Data Cloud Vault offers a protection solution by providing a fully managed, secure cloud storage resource built on Microsoft Azure.
It’s designed with zero-trust data resilience (ZTDR) principles, ensuring that the data resources are always safeguarded from cyberthreats.
Key features of Veeam Data Cloud
- Immutability, encryption and logical air-gapping from production environments, paramount to protecting data integrity and availability for a clean restore.
- Provides an all-inclusive and predictable cost model by including API calls, restore and egress charges in a flat, per-TB pricing.
- Offers comprehensive data protection and recovery for Exchange, SharePoint, OneDrive and Teams, supporting fast backups and bulk restores for cyberattack recovery, powered by Microsoft 365 Backup Storage.
4. Slow cyberthreat detection and response capabilities
As per the Canadian Cybersecurity Study, there is a significant disparity in threat detection times between organizations with basic security maturity and those that are more advanced. The study found organizations that have a mature security program can detect cyberthreats nearly 10 times faster than those with basic security controls.
This disparity underscores that detection and response are still far too slow for many organizations. For smaller organizations, detection times increased from 4.0 days in 2024 to 6.8 days in 2025.
To help organizations meet these gaps, our partners at Fortinet offer the unified Security Fabric solution. It helps organizations move faster and integrate controls across users, devices and networks to improve response times.
The Security Fabric is designed to span the extended digital attack surface, offering broad, integrated and automated security. Fortinet also offers AI and machine learning capabilities for security orchestration, automation and response (SOAR) with pre-built use cases and integration with FortiGuard Threat Intelligence Services.
Key features of Fortinet protection
- Helps organizations cut incident remediation time significantly, from hours to minutes, through real-time blocking of malicious actions.
- Enables organizations to understand the origin and complexity of threats with automated remediation and full attack visibility.
- Fortinet's managed detection and response (MDR) service provides proactive threat hunting and continuous product tuning to balance usability and security.
5. Limited zero-trust access and DNS-based defence
Our Canadian Cybersecurity Study revealed that 46 percent of organizations cite scalability issues in managing continuous authentication and monitoring as a challenge when implementing zero trust. Additionally, shadow AI concerns are growing due to unapproved AI tools and applications deployed or utilized outside IT governance.
Hybrid users and ungoverned access can make traditional network boundaries obsolete, leading to an expanding attack surface. Such concerns can make it risky for IT teams to protect their systems against cyberattackers that mimic real users in an environment.
Our partners at Cloudflare help organizations overcome common zero-trust adoption hurdles without the complexity of legacy architectures. Cloudflare Connectivity Cloud is a unified, cloud-native platform that consolidates zero trust network access (ZTNA), secure web gateway (SWG), DNS filtering and branch connectivity into one scalable service – with no need for on-premises hardware. It also reduces total cost and time to value by eliminating point solutions and enabling secure access and traffic inspection from anywhere.
Key features of Cloudflare offerings
- Delivered over Cloudflare’s globally distributed Anycast network, it enforces ZTNA, SWG, CASB and DLP policies close to the user – maximizing performance while minimizing operational complexity.
- Cloudflare’s Protective DNS blocks access to malicious domains, effectively safeguarding end users from accessing harmful content and malware. Built on Cloudflare’s globally distributed network and backed by extensive threat intelligence (and support for custom feeds), it delivers faster protection with reduced operational complexity.
- Cloudflare's Shadow IT Discovery helps uncover unsanctioned SaaS apps and private network activity, giving IT teams visibility into shadow AI tools and unmanaged access. This enables faster policy enforcement and reduces data exposure across hybrid environments.
6. Improper observability that hinders detection and response
Observability is the measure of how effectively IT teams can observe their assets in each environment. As per the Canadian Cybersecurity Study, 63 percent of organizations struggle to operationalize zero trust and only 25 percent can respond to incidents in real time.
These challenges often manifest as fragmented observability and an inability to enforce policies at scale across disparate IT environments. As organizations invest in hybrid cloud environments, it gets tougher to maintain the same level of observability as each environment may have different observability tools.
Our partners at Cisco offer solutions that can help organizations improve observability and implement zero-trust security, while enhancing detection and response.
Cisco XDR enables organizations to detect, investigate and respond to security incidents across the entire IT environment, which accelerates response times. Cisco’s zero-trust offerings, such as Cisco Secure Access, simplify the implementation of zero-trust technologies, even in complex architectures, while Cisco ThousandEyes can help increase observability.
Key features of Cisco solutions
- Provide detailed insights into network traffic, performance and health through tools like Cisco ThousandEyes, which offers end-to-end visibility into application performance and network conditions across complex, multicloud environments.
- Deliver real-time monitoring and threat detection, helping organizations proactively manage cyberincidents and respond quickly to potential threats with the help of Cisco XDR.
- Overcome the complexities involved in extending zero trust across platforms and systems in an IT environment with Secure Access, which is easier to scale and simpler to manage.
7. Ineffective application-layer security and posture management
Application-level security refers to the techniques used by DevOps and software teams to reduce vulnerabilities for a certain business application. CDW’s Canadian Cybersecurity Study showed that among organizations conducting zero-trust maturity assessments, only 17.6 percent say these assessments directly inform actionable steps.
This implies a significant gap between strategic planning and operational execution in security posture management. It also means that even if an IT team uses zero-trust principles, it may still have security loopholes at the application level.
Our technology partners at F5 offer comprehensive application security and posture management via the F5 Distributed Cloud WAAP (Web Application and API Protection). It is a full API lifecycle security solution, designed to address these challenges by combining data analytics and insights from AI and machine learning to discover, govern and protect APIs.
This comprehensive approach is a strong fit for organizations seeking to enforce consistent controls across public-facing applications, tying into zero-trust principles and addressing visibility shortfalls.
Key features of F5 application security and posture management
- Enhanced Visibility: Centralized interface for monitoring API endpoints and detecting malicious activity with clarity, reducing dashboard fatigue.
- Proactive Automation: Continuously monitors API endpoints, detects vulnerabilities, mitigates attacks and adapts to changing integrations.
- Unified Management: Streamlines security posture management across all services via a simple and intuitive interface.
How CDW enables you to strengthen your all-around cybersecurity defences
CDW Canada closely works with our partners to bring simplicity and security expertise to your IT environment. We make it easier to integrate advanced technologies such as extended detection and response (XDR), security information and event management (SIEM) and managed detection and response (MDR) services. These integrations enable you to proactively identify, assess and mitigate cyberthreats.
Beyond technology integration, we also offer end-to-end services encompassing assessment, design, deployment and ongoing support. Our Cyber Risk Advisory services assist you in evaluating and enhancing your vulnerability management programs, ensuring alignment with business needs and regulatory requirements.
Additionally, CDW's all-Canadian security operations centre (SOC) provides 24/7 monitoring, threat hunting and incident response, ensuring rapid detection and remediation of security incidents.