Cyber Risk Report Highlights Critical Vulnerability, Offers New Ways to Prioritize Risk Management
Dallas, Sept. 25, 2024 / PRNewswire / — Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global leader in cybersecurity, has called on network defenders to enhance their visibility into risks across their attack surfaces. This comes after the release of a comprehensive new study that provides detailed metrics categorized by region, company size, industry, asset type, and more.
The report, titled "Intercepting Impact: 2024 Trend Micro Cyber Risk Report," also identified numerous weak configurations that could lead to security breaches, particularly concerning security controls.
To access the full report, visit: Intercepting Impact: 2024 Trend Micro Cyber Risk Report.
Key Insights from the Report
Jon Clay, Vice President of Threat Intelligence at Trend Micro, stated, "Trend’s cyber risk report shares key insights on where risks are greatest within organizations such as weak security controls, misconfigurations, and unpatched actively exploited vulnerabilities. Shifting towards a more risk-based approach to cybersecurity—discovering the entire attack surface, using AI to calculate the actual risk, and providing mitigating controls advice—allows an organization to improve its cybersecurity posture like never before. This is a game changer for the industry."
The Trend Vision One platform employs a risk event catalog to calculate a risk score for each asset type and an index for organizations. This calculation is done by multiplying an asset’s attack, exposure, and security configuration by its impact. Assets with low business impact and few privileges have a smaller attack surface, while higher-value assets with more privileges present a larger attack surface.
High-Risk Assets
The report identifies several asset categories that are particularly at risk:
- Devices: Out of 22.6 million devices, 877,316 are classified as high-risk.
- Accounts: Among 53.9 million accounts, 12,346 are high-risk.
- Cloud Assets: 14.5 million cloud assets were assessed, with 9,944 deemed high-risk.
- Internet-Facing Assets: Of the 1.1 million assets, 1,661 are high-risk.
- Applications: From 8.8 million applications, 489 are high-risk.
While the number of high-risk devices is significantly higher than that of accounts, even though there are more accounts in total, devices have a larger attack surface. However, accounts remain valuable targets as they can provide threat actors with access to various resources.
Regional and Sector Insights
The report also unearthed some noteworthy findings:
- Americas: This region has the highest average risk index at 43.4, driven by vulnerabilities in the banking sector and critical infrastructure, making it an attractive target for profit-driven actors.
- Europe: Demonstrates strong security practices by being the quickest region to patch vulnerabilities.
- Mining Sector: This vertical has the highest risk score due to its strategic position in global supply chains and large attack surface.
- Pharmaceuticals: The fastest sector to patch vulnerabilities, reflecting the importance of protecting sensitive data.
- Top Detected Risk Event: Accessing cloud applications with high-risk levels based on historical application data, known security features, and community knowledge.
- Other High-Risk Events: Include old and inactive accounts, accounts with disabled security controls, and sensitive data being sent outside the network.
Recommendations for Mitigating Cyber Risk
As the threat landscape continues to evolve, organizations must improve their ability to identify and manage risks. The Trend Vision One platform, with its integrated Attack Surface Risk Management (ASRM), provides essential tools for comprehensive threat visibility and effective risk mitigation.
To help mitigate cyber risk, the following steps are recommended:
- Optimize Security Settings: Ensure product security settings are optimized to receive alerts on misconfigurations.
- Verify Risky Events: When a risky event is detected, contact the device and/or account owner to verify the event. Investigate the event using the Trend Vision One Workbench search function for more information or check event details on the product management server.
- Secure Risky Accounts: Disable risky accounts or reset them with a strong password and enable multi-factor authentication (MFA).
- Regular Updates: Apply the latest patches or upgrade application and operating system versions regularly.
About the Report
The report is based on telemetry data from Trend Micro’s Attack Surface Risk Management (ASRM) solution within its flagship cybersecurity platform, Trend Vision One, along with native eXtended Detection and Response (XDR) tools. The data spans from December 25, 2023, to June 30, 2024, and is divided into two sections: the user side covers risk in assets, processes, and vulnerabilities, while the adversary side maps adversary behaviors, MITRE, and TTPs.
About Trend Micro
Trend Micro, a global cybersecurity leader, aims to ensure the safety of digital information exchange. Leveraging decades of security expertise, global threat research, and continuous innovation, Trend Micro’s AI-powered cybersecurity platform protects hundreds of thousands of organizations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, Trend’s platform offers advanced threat defense techniques optimized for environments like AWS, Microsoft, and Google, and provides central visibility for better, faster detection and response. With 7,000 employees across 70 countries, Trend Micro enables organizations to simplify and secure their connected world. For more information, visit www.TrendMicro.com.
Conclusion
The "Intercepting Impact: 2024 Trend Micro Cyber Risk Report" highlights the critical importance of understanding and managing cyber risk. By adopting a risk-based approach to cybersecurity, organizations can significantly enhance their security posture. The Trend Vision One platform offers comprehensive tools to help organizations navigate the complex threat landscape effectively.
For further details, please refer to the full report and consider implementing the recommended steps to mitigate cyber risks in your organization.
Reference
For more information about the report, visit: Trend Micro Cyber Risk Report.
For more Information, Refer to this article.