Hackers have stolen customer records multiple times from nearly a third of organizations worldwide in the past 12 months, security provider Trend Micro said in its newly released, twice-yearly Cyber Risk Index (CRI) report.
Concern Over Customer Records
The report features interviews with some 4,100 organizations across North America, Europe, Latin/South America and Asia-Pacific. Respondents stressed that customer records are at increased risk as organizations struggle to profile and defend an expanding attack surface.
Overall, respondents rated the following as the top cyber threats in 1H 2022:
- Business Email Compromise (BEC)
- Fileless attacks
- Login attacks (Credential Theft)
Here are some key findings from the study:
- The CRI calculates the gap between organizational preparedness and the likelihood of being attacked, with -10 representing the highest level of risk. The global CRI moved from -0.04 in 2H 2021 to -0.15 in 1H 2022, indicating a surging level of risk over the past six months.
- This is a slight increase in risk from the second half of 2021, when it was -0.04. Organizations in North America and Asia-Pacific saw an increase in their cyber risk from that period while Europe and Latin/South America’s risk decreased in comparison.
- The number of global organizations experiencing a "successful" cyber-attack increased from 84% to 90% over the same period.
- The number now expected to be compromised over the coming year has also increased from 76% to 85%.
IT-Business Gap Identified
From the business perspective, the biggest concern is the misalignment between CISOs and business executives, Trend Micro said. The question "My organization's IT security objectives are aligned with business objectives" drew a score of only 4.79 out of 10 from respondents.
By addressing the shortage of cybersecurity professionals and improving security processes and technology, organizations will significantly reduce their vulnerability to attacks, said Jon Clay, Trend vice president of threat intelligence.
As Clay advised:
"You can't protect what you can't see. But with hybrid working ushering in a new era of complex, distributed IT environments, many organizations are finding it difficult to eradicate growing security coverage and visibility gaps. To avoid the attack surface spiraling out of control, they need to combine asset discovery and monitoring with threat detection and response on a single platform."