More Canadian firms doing penetration tests: Survey

More Canadian organizations than ever are using penetration testing to improve their security posture.

According to a recent survey by IT solutions provider CDW Canada, 56 per cent of responding firms said they have performed a penetration test in the last 12 months. That’s a 40 per cent increase compared to the response in 2022, the company said.

The survey also found that 44 per cent of respondents whose firms do penetration tests said they use both internal employees and third-party testers to do this work and/or comprehensive security assessments.

The findings are part of a survey of 500 IT professionals at organizations with at least 20 employees, conducted in March for CDW Canada, which offers penetration testing services.

The survey was validation that adoption of penetration testing, and the sense of its value, is increasing among Canadian organizations, Julius Azarcon, CDW Canada’s vice-president of professional and managed services, said in an interview.

“We believe that penetration testing is an important aspect of any organization’s preventative cybersecurity measures,” he said.

Despite an overall increase in the implementation of penetration testing, Canadian organizations continue to see a rise in security breaches each year, a report based on the survey results said. The most common types of security breaches experienced in the past year were ransomware attacks (34 per cent), business email compromises (34 per cent), and phishing attacks (33 per cent).

A penetration test should be done either once a year, or whenever there are significant changes to an organization’s technology environment and infrastructure, Azarcon said.

There is a wide range of penetration tests, from focused ones (‘We only want to test one security control’) to no-holds-barred attacks where tricking employees with phishing messages is fair game.

Arguably the toughest tests in Canada have been mandated by the country’s financial regulator, which last month approved a testing framework that the biggest banks and insurers have to meet once every three years. Rather than trust an institution’s internal IT staff to do a test, an external cybersecurity firm has to be hired to design the test. This firm may do the attack, or an outside firm will perform it. The institution is expected to do its own penetration tests as well.

Howard Solomon