Trend Micro Incorporated, a Dallas-based cybersecurity vendor, announced that 32% of global organizations have had customer records compromised multiple times over the past 12 months as they struggle to profile and defend an expanding attack surface.
The findings come from Trend Micro’s semi-annual Cyber Risk Index (CRI) report, compiled by the Ponemon Institute from interviews with over 4,100 organizations across North America, Europe, Latin/South America, and Asia-Pacific.
Top cyber threats in 1H 2022 include Business Email Compromise (BEC), Clickjacking, Fileless attacks, Ransomware, and Login attacks (Credential Theft).
“You can’t protect what you can’t see,” said Jon Clay, VP of threat intelligence at Trend Micro. “But with hybrid working ushering in a new era of complex, distributed IT environments, many organizations are finding it difficult to eradicate growing security coverage and visibility gaps.”
The CRI calculates the gap between organizational preparedness and the likelihood of being attacked, with -10 representing the highest level of risk. The global CRI index moved from –0.04 in 2H 2021 to –0.15 in 1H 2022, indicating a surging level of risk over the past six months.
This trend is also reflected elsewhere in the data: the number of global organizations experiencing a “successful” cyber-attack increased from 84% to 90% over the same period. Unsurprisingly, the number now expected to be compromised over the coming year has also increased from 76% to 85%.
Some of the top preparedness risks highlighted by the index report are related to attack surface discovery capabilities. It is often challenging for security professionals to identify the physical location of business-critical data assets and applications.
By addressing the shortage of cybersecurity professionals and improving security processes and technology, organizations will significantly reduce their vulnerability to attacks.
The data provide a compelling snapshot of how global organizations perceive their security posture and the likelihood of being attacked. Respondents pointed to the high cost of outside expertise, damage to critical infrastructure, and lost productivity as the main negative consequences of a breach.