Trend Micro Reveals Gaps in Attack Surface Protection
Globally, businesses face mounting challenges in maintaining comprehensive security coverage.
The Cybersecurity Ventures report predicts that cybercrime will cost the world US$10.5tn annually by 2025, underscoring the urgent need for robust defences.
Meanwhile, attack surface risk management has become a critical concern too, with the rapid expansion of digital footprints exposing organisations to new vulnerabilities.
A recent study examining these challenges has uncovered significant shortcomings in key cyber areas.
Conducted by Trend Micro, a global cybersecurity company, the study found that as digitalisation increases across the world, UK organisations are falling short in key areas of cybersecurity.
The organisation surveyed 100 UK cybersecurity leaders and found significant gaps in 24/7 security coverage, attack surface risk measurement and the adoption of proven security frameworks.
These findings come as governments worldwide are ramping up efforts to bolster cyber defences, placing increased pressure on businesses to enhance their digital security posture.
These findings also come amid growing global regulatory efforts to enhance cybersecurity resilience across industries.
Alarming gaps in cyber defences
Bharat Mistry, Technical Director at Trend Micro, originally explained in 2022 that an attack surface is “comprised of all the digital assets that could be compromised by remote or local threat actors.” These assets include:
- Laptops and PCs
- IoT endpoints
- Mobile/web apps and websites
- Remote desktop protocol (RDP) endpoints
- Virtual private networks (VPNs)
- Servers
- Cloud services
- Supply chain infrastructure and services
He continues: “Attacks target these via a wide variety of tools and techniques—from phishing to vulnerability exploitation. And once inside networks, they may move laterally to other parts of the attack surface.”
Trend Micro’s study reveals that only 31% of UK organisations have sufficient staffing for round-the-clock cybersecurity coverage.
This leaves a significant portion of businesses vulnerable during off-hours, when cyber attacks can still occur.
Attack surface management, a technique used to measure and understand the risk across an organisation's digital presence, is employed by only 32% of respondents.
This lack of comprehensive risk assessment could leave companies blind to potential vulnerabilities.
Furthermore, just 34% of organisations are using proven regulatory frameworks like the NIST Cybersecurity Framework.
These frameworks provide structured approaches to cybersecurity, helping organisations to implement best practices and meet regulatory requirements.
Leadership accountability in question
The study suggests that these cybersecurity shortcomings may stem from a lack of leadership and accountability at the top levels of organisations.
Globally, nearly half of respondents claimed that their leadership doesn't consider cybersecurity to be their responsibility.
This disconnect between leadership and cybersecurity teams can lead to inconsistent attitudes towards cyber risk, with 54% of UK respondents noting that their organisation's approach varies from month to month.
Bharat emphasises the need for clear leadership on cybersecurity: "Companies need CISOs to clearly communicate in terms of business risk to engage their boards".
Broader implications for UK businesses
The findings raise concerns about the overall cyber resilience of UK businesses.
With 94% of surveyed organisations expressing worries about their attack surface and over a third concerned about their ability to discover, assess and mitigate high-risk areas, there's a clear need for improvement.
These gaps in cybersecurity practices could leave UK businesses vulnerable to increasingly sophisticated cyber threats.
As global regulatory efforts intensify, organisations that fail to address these issues may find themselves struggling to comply with new standards and protect their digital assets.
"Ideally, they should have a single source of truth across the attack surface from which to share updates with the board, continually monitor risk, and automatically remediate issues for enhanced cyber-resilience," Bharat adds.