Your Organization Could Be at Risk of Being Breached in the Next 12 Months: Trend Micro

essidsolutions

Organizations aren’t keeping up with the latest cybersecurity needs, giving threat actors leeway to exploit the elevated cyber risk, intrude into IT infrastructure, and breach sensitive customer and IP data. Trend Micro and Ponemon Institute team up for the former’s fourth biannual Cyber Risk Index report.

In what could be termed as one of the more startling cybersecurity anticipations for the upcoming 12 months, 86% of organizations foresee an intrusion leading to a data breach. However, the anticipation becomes more palpable when you take into account recent findings from a report by Trend Micro and Ponemon Institute.

Trend Micro and Ponemon Institute’s analysis covered four global regions: North America, Latin America (LATAM), Asia-Pacific (APAC), and Europe. Of these, organizations from North America were found to have the most apprehensions related to a weak cybersecurity posture, making North America the region with the highest risk.

Of the remaining three, only LATAM had a moderate risk level when it came to assessing, detecting, preventing, and responding to threats in the present-day cybersphere.

Source: Trend Micro

Cyber Risk Index (CRI)

CRI provides a comprehensive view of the gap between an organization’s current security posture and its likelihood of being attacked. It is the measure of the preparedness of organizations, maybe even countries, when it comes to the prevention of cyberattacks and adequate management of cyber incidents.

The CRI measurement encompasses baseline cybersecurity, incident management capabilities, and general cybersecurity development. In other words, it serves as an indicator that can help predict the risk that the entity being measured becomes a victim of cybercrime.

CRI is based on factors such as:

  • Security budget
  • Security resources and relevant skills
  • Investment in cutting-edge technology such as machine learning, automation, orchestration, analytics, etc.
  • Security training
  • Existing processes and tools

If an organization has a lower CRI, it has a higher chance of falling victim to a cyber attack. Trend Micro and Ponemon’s CRI is based on a numerical scale of -10 to 10, with -10 representing the highest level of risk.

Dr. Larry Ponemon, CEO for the Ponemon Institute, said, “Trend Micro’s CRI continues to be a helpful tool to help companies better understand their cyber risk. Businesses globally can use this resource to prioritize their security strategy and focus their resources to best manage their cyber risk. This type of resource is increasingly useful as harmful security incidents continue to be a challenge for businesses of all sizes and industries.”

At present, the average global CRI stands at -0.41, placing most of the world in an elevated risk category.

Why is the Global Cyber Risk Index Elevated?

Trend Micro’s biannual report found that nearly a quarter (24%) of those surveyed suffered more than seven network/system infiltrations in the past 12 months. Just over one in five (21%) suffered more than seven data breaches in which information assets were accessed, while 20% of organizations had their customer data breached in more than seven attacks.

The two most important reasons behind this elevated risk are: 

  • Lack of appropriate security technologies where needed
  • Unknown physical location of business-critical assets and applications

This translates into insufficient attack-thwarting processes and practices, from patching to threat sharing.

Consequently, the cyber preparedness index and the cyber threat index are both woeful.

Source: Trend Micro

Tony Lee, head of consulting, Hong Kong and Macau, of Trend Micro, said, “Once again we’ve found plenty to keep CISOs awake at night, from operational and infrastructure risks to data protection, threat activity, and human-shaped challenges.”

Top Risk Factors

Risk to organizational data includes threat actors getting their hands on the following.

Risk Factors
Data Risk
  • Strategic business communication
  • Company’s financial information
  • Data models and information systems
  • Consumer data
  • Confidential information
Cyber Risk
Infrastructure Risk
  • Organizational misalignment and complexity
  • Cloud computing infrastructure and providers
  • Negligent insiders
  • Shortage of qualified personnel
  • Malicious insiders
Human Capital Risk
  • Lower-level employees usually pose a higher risk, according to Elevate Security
  • The risk increases if C-level executives do not prioritize cybersecurity
Operational Risk
  • Customer turnover
  • Lost intellectual property (including trade secrets)
  • Disruption or damages to critical infrastructure
  • Cost of outside consultants and experts
  • Lost revenues

Trend Micro’s Suggestions for Cyber Threat Protection 

Lee added, “To lower cyber risk, organizations must be better prepared by going back to basics, identifying the critical data most at risk, focusing on the threats that matter most to their business, and delivering multi-layered protection from comprehensive, connected platforms.”

Based on the present-day threat landscape and the CRI findings, Trend Micro has set forth some suggestions. Each organization is built differently, so security best practices should be implemented according to the scope of the threat that each organization faces.

Some of the security best practices include:

  • Identifying and building security around critical data by focusing on risk management and the threats that could target this data
  • Minimizing infrastructure complexity and improving alignment across the whole security stack
  • Getting senior leadership to view security as a competitive advantage
  • Improving the ability to protect the business environment, including properly securing BYOD, IoT, and industrial IoT devices, and cloud infrastructure
  • Investing in both new talent and existing security personnel to help them keep up with the rapidly evolving threat landscape, as well as improve retention
  • Reviewing existing security solutions with the latest technologies to detect advanced threats, like ransomware and botnets
  • Improving IT security architecture with high interoperability, scalability, and agility

Closing Thoughts

Risk is inherent to organizations with internet-facing system infrastructure. In the current scenario, an online presence is what gives businesses a competitive edge, which is why the threat never goes away in theory. The threat even extends to the customers.

As of now, the CRI report rates risk as elevated but not high. If respondents believe their organizations aren’t doing enough, now is the time to get cracking to reverse the upward risk trend.

Note: Trend Micro and Ponemon Institute’s study is based on responses from 3,600 CISOs, IT practitioners, and managers from businesses of all sizes hailing from multiple industries and sectors across North America, Europe, Asia-Pacific, and Latin America.