People, Processes, and Technologies: How Organizations are Viewing Cyber Preparedness

People, Processes, and Technologies: How Organizations are Viewing Cyber Preparedness

By Alex Passett

"For the first time since we've been running our surveys,” said Jon Clay, Vice President of Threat Intelligence at Trend Micro, “we saw the global cyber-risk index not only improve but move into positive territory at +0.01. That means organizations may be taking legitimate steps to improve their cyber preparedness. There is still much to be done – as employees remain a source of risk – but it’s still a positive."

Why not start with the new good first, right?

Trend Micro, a global provider of cybersecurity, recently announced this very improvement to cyber risk levels, moving them from "elevated" to "moderate" for the first time, as Clay noted.

However, the company emphasized that insiders continue to pose a significant threat to global organizations’ people, processes and technologies, all the same.

Here’s a long-story-short rundown:

Trend Micro’s Cyber Risk Index (CRI) 2H 2022 report, which presents these findings, is based on interviews with a whopping 3,729 global organizations. The CRI’s numerical scale for gauging its data goes from -10 to 10, with -10 representing the highest level of risk and 10 the lowest. This is calculated by subtracting the score for cyber threats from the score for cyber preparedness, per Trend Micro.

Notably, the report found that adoptions of and upgrades to cyber-preparedness in both Europe and the Asia-Pacific (APAC) rose, but slightly declined in North America and Latin America in the past six months. But overall (i.e. extended past that six-month window), threats declined in every region except Europe. These ebbs and flows are of interest; they illustrate the dynamism to try new cybersecurity solutions and lead by example, as well as where there are pitfalls and areas for improvement.

Now, a pinch more of the not-so-good news.

Despite scaling improvements, most organizations still harbor pessimism about their cybersecurity prospects over the coming year. The majority of respondents said it was "somewhat to very likely" they'd suffer a breach of customer data (70%), intellectual property (69%), or experience a successful cyber attack (78%). These figures represent declines of 1%, 2%, and 7%, respectively, from Trend Micro’s previous report.

The top four threats listed by respondents remained the same:

  • Clickjacking
  • Business Email Compromise (BEC)
  • Ransomware
  • Fileless attacks

Interestingly, "botnets" replaced "login attacks" in fifth place. Sadly, inside employees (i.e. likely former ones, now) represented three of the top five infrastructure risks:

  • Insider negligence
  • Cloud computing infrastructure holes and provider errors
  • Mobile, hybrid or fully remote employee actions
  • A shortage of qualified personnel
  • Virtual computing environments (e.g. servers, endpoints)
Dr. Larry Ponemon, a chairman and the founder of the Ponemon Institute, stressed the importance of “considering not just technology solutions, but also our people and processes that help mitigate these risks, especially as the shift to hybrid working gathers momentum.”


Edited by Greg Tavarez
Get stories like this delivered straight to your inbox. [Free eNews Subscription]
SHARE THIS ARTICLE
Related Articles

Shining a Light on the Dark Web: Searchlight Cyber Debuts Comprehensive Hub

By: Greg Tavarez    3/28/2024

The Dark Web Hub is a one-stop shop for crucial context and continuously updated information on dark web marketplaces, ransomware actors, hacking foru…

Read More

Stellar Cyber and Trellix Bridge the Gap in Security Operations

By: Greg Tavarez    3/28/2024

Stellar Cyber announced the integration with Trellix Endpoint Security HX to allow customers to deploy more robust security solutions and improve thei…

Read More

CyberSaint Raises $21M in Series A Funding to Continue Securing its CyberStrong Customers

By: Alex Passett    3/27/2024

CyberSaint announced that it succeeded in a huge $21 million Series A funding round. This was led by Riverside Acceleration Capital (RAC) with other i…

Read More

US Education Receives Security Upgrade with Free Browser Protection Offered by Conceal, Carahsoft

By: Greg Tavarez    3/27/2024

Conceal and Carahsoft recently unveiled an initiative to fortify the cybersecurity infrastructure of U.S. educational institutions.

Read More

Cato's AI Takes Control of Security and Incident Response

By: Greg Tavarez    3/27/2024

With Cato's recently announced Network Stories for Cato XDR, advanced AI algorithms instantly identify outages in customer networks and conduct root c…

Read More