Trend Micro has announced that cyber-risk levels have improved from “elevated” to “moderate” for the first time, but that insiders represent a persistent threat for global organizations.
To read a full copy of the Trend Micro Cyber Risk Index (CRI) 2H 2022*, visit: https://www.trendmicro.com/en_
Sharda Tickoo, Technical Director for India & SAARC at Trend Micro: “For the first time since we’ve been running these surveys, we saw the global cyber-risk index not only improve but move into positive territory at +0.01. It means that organizations may be taking steps to improve their cyber-preparedness. There is still much to be done, as employees remain a source of risk. The first step to managing this is to gain complete and continuous attack surface visibility and control.”
The CRI found that cyber-preparedness improved in Europe and APAC but declined slightly in North and Latin America over the past six months. At the same time, threats declined in every region bar Europe.
Although, Cyber Preparedness Index for the APAC (with a focus on India)/ASEAN region in the second half of 2022 stood at 5.33 and for the first half of 2023 stood at 5.47 which was the highest all over the globe.
Most organizations are still pessimistic about their prospects over the coming year. The CRI found that most respondents said it was “somewhat to very likely” they’d suffer a breach of customer data (70%) or IP (69%) or a successful cyber-attack (78%).
These figures represent declines of just 1%, 2%, and 7%, respectively, from the last report.
The top four threats listed by respondents in the CRI 2H 2022 in the APAC region include
1) Business Email Compromise (BEC)
The respondents in APAC (with a focus on India) region also named employees as representing three of their top five infrastructure risks in the second half of 2022
1) Negligent insiders
2) Cloud computing infrastructure and providers
3) Shortage of qualified personnel
4) Mobile/remote employees
5) Organisational misalignment and complexity
Dr. Larry Ponemon, chairman and founder of Ponemon Institute, said: “As the shift to hybrid working gathers momentum, organizations are rightly concerned about the risk posed by negligent employees and the infrastructure used to support remote workers. They will need to focus not only on technology solutions but people and processes to help mitigate these risks.”
Based on the global survey results, the greatest areas of concern for businesses related to cyber-preparedness are:
People: “My organization’s senior leadership does not view security as a competitive advantage.”
Process: “My organization’s IT security function doesn’t have the ability to unleash countermeasures (such as honeypots) to gain intelligence about the attacker.”
Technology: “My organization’s IT security function does not have the ability to know the physical location of business-critical data assets and applications.”
*The six-monthly Cyber Risk Index was compiled by the Ponemon Institute from interviews with 3729 global organizations. The index is based on a numerical scale of -10 to 10, with -10 representing the highest level of risk. It is calculated by subtracting the score for cyber threats from the score for cyber-preparedness.