Why the Canadian Government Should Collaborate with MDR Providers to Protect Canadian Businesses

BY Ryan Westman

December 19, 2024 | 5 MINS READ


North American organizations are vulnerable to cyberattacks, such as ransomware, from cybercriminals and state-sponsored threat actors.

In 2021, there were a reported 235 ransomware attacks against Canadian industry; those attacks cost $6.35 million CAD on average.

Most recently, cyberattacks have affected Canadian businesses such as Sobeys, Suncor, Sick Children’s Hospital (SickKids), Global Affairs Canada (GAC), and the Royal Canadian Mounted Police (RCMP).

The CIGI Policy paper used open-source reporting from organizations that experienced cyberattacks as well as government agency reporting. The paper also used quantitative analysis from eSentire’s internal dataset on cyberattacks detected and responded to in customer environments in North America.

This dataset demonstrates the value of Managed Detection and Response (MDR) firms and how MDR firms have helped to reduce the cost of cyberattacks to North American organizations by preventing attacks before they have serious financial consequences.

The policy paper advanced two arguments in consideration of four variables: the external cyber threat environment, active and defensive cyber operations, information sharing, and domestic investment.

Given the external cyber threat environment, risks to businesses can be reduced by domestic investment and the use of MDR providers, as well as through skills development of the Canadian cybersecurity labour pool.

Additional security benefits, such as reducing the risk of cyberattacks impacting Canadian businesses financially, will accrue to Canadian firms if the Government of Canada fosters a collaborative approach of sharing threat intelligence between MDRs and a community of defense sponsored by the government.

This community of defense should be modelled after the United States’ Joint Cyber Defence Collaborative, an information-sharing group that would disseminate threat intelligence quickly and broadly and facilitate more effective active and defensive cyber operations by the Communications Security Establishment (CSE) and the newly announced Canadian Armed Forces’ (CAF) Cyber Command.

The paper highlighted three areas in which the Government of Canada could incentivize more industry collaboration, raise the base level of cybersecurity for small and medium enterprises across the country, and rapidly scale the cybersecurity talent pool in Canada.

Today, the Government of Canada is attempting to support the whole of society through the RCMP NC3 and CCCS. However, the RCMP NC3 and CCCS provide minimal direct support in the defence of small and medium enterprises from cyberattacks day to day because they are not an MDR operating a Security Operations Center (SOC) for small and medium Canadian businesses.

Therefore, the most effective and efficient way that the Government of Canada can rapidly scale Canadian cyber defences for the benefit of the “whole of society” is to use public funds to incentivize Canadian businesses to partner with Canadian MDR firms, provide those MDR firms with incentives to invest in their cybersecurity professionals, and leverage those subject matter experts to provide intelligence sharing with the Canadian intelligence community.

These recommendations are elaborated more broadly here:

Enhancing Collaboration with MDR Providers for National Cyber Defense

CCCS and RCMP NC3 should adopt a model similar to CISA’s JCDC and provide a subset of Canadian MDR providers with security clearances, enabling them to collaborate with our intelligence and law enforcement agencies on threats and information sharing and to start building a “national team,” with preference being given to Canadian firms.

MDR providers are currently on the frontlines of the cyber conflict being waged by states and by financially motivated and hacktivist threat actors, protecting Canadian industry with minimal day-to-day support from CCCS and NC3.

For the Government of Canada to keep pace with these varied threat actors, the CCCS and NC3 need to evolve into meaningful contributors and coordinators for the defence of Canadian industry. This role would be like that of CISA’s JCDC and would facilitate the Government of Canada treating Canadian MDR organizations as peers who can provide much needed advice, guidance and intelligence for the government to act against these groups through international agreements and bilateral partnerships.

In some instances, these relationships with Canadian law enforcement and Canadian intelligence agencies exist in an ad-hoc and semi-formalized manner. To mature and put into practice the “whole of society” approach required to combat cyber threats, the Government of Canada, specifically the NC3 and CCCS, should look to adopt measures to create a community of defence, like the model created by CISA with JCDC.

This would also enable cyber incident reporting in a more efficient and effective way, while facilitating more effective active and defensive cyber operations by the CSE and the CAF Cyber Command.

Providing Tax Credits for Businesses Using Canadian MDR Providers

The Government of Canada should provide a financial incentive to small, medium and enterprise firms leveraging Canadian MDR providers; this should come in the form of a non-refundable tax credit to directly reduce the taxes required to be paid by Canadian businesses that are currently leveraging Canadian MDR firms.

This will incentivize organizations that have previously not had the additional IT or security budget for a full cybersecurity program to consider partnering with a Canadian MDR provider.

The services that should be included in the non-refundable tax credit are Managed SOCs for monitoring endpoints, network, logs and cloud data sources; vulnerability management; and digital forensics and incident response services (including retainers).

Providing Tax Credits for Investing in Cybersecurity Training and Certifications

The Government of Canada should also give Canadian MDR providers a financial incentive to grow their talent in the form of a non-refundable tax credit.

This tax credit will enable MDR providers to invest in their talent and support their development by paying for industry standard training for them to be able to keep pace with the rapid change of technology and stay competitive with international firms.

The costs of the leading cybersecurity certifications and training are steep and can total more than $10,000 CAD for the industry leading; offsetting these costs for businesses will directly support MDR providers by enabling them to retain top talent to best protect Canadian businesses.

As the cyber threat landscape continues to evolve, the Government of Canada must adopt a proactive and collaborative approach to strengthen national cyber defenses.

By incentivizing businesses to partner with Canadian MDR providers, fostering collaboration through models like the U.S. Joint Cyber Defense Collaborative (JCDC), and supporting cybersecurity talent development with targeted tax credits, Canada can build a robust, resilient cyber defense ecosystem.

These measures will not only reduce the financial impact of cyberattacks on Canadian businesses but also position MDR providers as critical partners in safeguarding the country’s economy and infrastructure.

A unified, whole-of-society approach will become essential to combat emerging threats and ensure Canada remains a leader in cybersecurity innovation and defense.

Ryan Westman, Director, Threat Intelligence

As Director, Threat Intelligence, Ryan is responsible for demystifying the Threat Landscape for eSentire's Threat Response Unit. His goal is to detect and respond to threats before they become risks to eSentire's client base.

Prior to eSentire, Ryan spent three years in Big 4 Consulting, helping build, develop, and establish a Threat Intelligence & Analytics team. Prior to Big 4 Consulting, Ryan was a member of Canada's Federal Public Service for over 5 years, employed by Public Safety Canada in Policy, and in the Canadian Armed Forces working in a variety of roles including Influence Activities and Civil Military Cooperation.

Ryan holds a BA in Political Science & History from Wilfrid Laurier University, an MSc in Counter-Terrorism from the University of Central Lancashire, a Master's degree from the University of Waterloo, and is a GIAC Certified Cyber Threat Intelligence Analyst.