Cyber risks are one of the major challenges that organizations face today. The proliferation of technology and the rise of the internet have invited new exposures for companies, making them more susceptible to cyber-attacks. Trend Micro report shows that cyber risk levels have improved from “elevated” to “moderate” for the first time, but insiders represent a persistent threat to businesses worldwide.
Jon Clay, VP of threat intelligence at Trend Micro: “For the first time since we’ve been running these surveys, we saw the global cyber risk index not only improve but move into positive territory at +0.01. It means that organizations may be taking steps to improve their cyber-preparedness. There is still much to be done, as employees remain a source of risk. The first step to managing this is to gain complete and continuous attack surface visibility and control.”
Trend Micro’s CRI (Cyber Risk Index) saw cyber-preparedness enhanced in Europe and APAC but dropped slightly in North and Latin America over the last 6 months. At the same time, threats decreased in every region bar Europe.
Most companies are still pessimistic about their prospects over the coming year. The CRI found that most respondents said it was “somewhat to very likely” they’d suffer a breach of customer data (70%) or IP (69%) or a successful cyber-attack (78%).
These figures represent reductions of just 1%, 2%, and 7% from the last report.
The top four threats listed by respondents in the CRI 2H 2022 remained the same from the previous report:
- Clickjacking
- Business Email Compromise (BEC)
- Ransomware
- Fileless attacks
“Botnets” replaced “login attacks” in fifth place.
Global respondents also named employees as representing three of their top five infrastructure risks:
- Negligent insiders
- Cloud computing infrastructure and providers
- Mobile/remote employees
- Shortage of qualified personnel
- Virtual computing environments (servers, endpoints)
Dr. Larry Ponemon, chairman and founder of Ponemon Institute, said: “As the shift to hybrid working gathers momentum, businesses are rightly concerned about the risk posed by negligent workers and the infrastructure used to support remote workers. As a result, they will need to focus not only on technology solutions but people and processes to help mitigate these risks.”
Based on the worldwide survey results, the most critical areas of concern for companies related to cyber-preparedness are:
People: “My organization’s senior leadership does not view security as a competitive advantage.”
Process: “My organization’s IT security function doesn’t have the ability to unleash countermeasures (such as honeypots) to gain intelligence about the attacker.”
Technology: “My organization’s IT security function does not have the ability to know the physical location of business-critical data assets and applications.”
Also Read: SaaS Rising: India is Ready for its Next IT Moment
