Trend Micro Reveals Gaps in Attack Surface Protection

Trend Micro study reveals critical gaps in attack surface protection, highlighting urgent need for improved cyber resilience across businesses

Globally, businesses face mounting challenges in maintaining comprehensive security coverage.

The Cybersecurity Ventures report predicts that cybercrime will cost the world US$10.5tn annually by 2025, underscoring the urgent need for robust defences.

Meanwhile, attack surface risk management has become a critical concern too, with the rapid expansion of digital footprints exposing organisations to new vulnerabilities.

Researching these challenges, a recent study has uncovered significant shortcomings in key cyber areas.

Conducted by Trend Micro, a global cybersecurity company, the study found that as digitalisation increases across the world, UK organisations are falling short in key areas of cybersecurity.

The organisation surveyed 100 UK cybersecurity leaders and found significant gaps in 24/7 security coverage, attack surface risk measurement and the adoption of proven security frameworks.

These findings come as governments worldwide are ramping up efforts to bolster cyber defences, placing increased pressure on businesses to enhance their digital security posture.

These findings also come amid growing global regulatory efforts to enhance cybersecurity resilience across industries.

Alarming gaps in cyber defences

Bharat Mistry, Technical Director at Trend Micro, originally explained in 2022 that an attack surface is “comprised of all the digital assets that could be compromised by remote or local threat actors.”

This includes:
  • Laptops and PCs
  • IoT endpoints
  • Mobile/web apps and websites
  • Remote desktop protocol (RDP) endpoints
  • Virtual private networks (VPNs)
  • Servers
  • Cloud services
  • Supply chain infrastructure and services

He continues: “Attacks target these via a wide variety of tools and techniques—from phishing to vulnerability exploitation. And once inside networks, they may move laterally to other parts of the attack surface.”


Trend Micro's study reveals that only 31% of UK organisations have sufficient staffing for round-the-clock cybersecurity coverage.

This leaves a significant portion of businesses vulnerable during off-hours, when cyber attacks can still occur.

Attack surface management, a technique used to measure and understand the risk across an organisation's digital presence, is only employed by 32% of respondents.

This lack of comprehensive risk assessment could leave companies blind to potential vulnerabilities.

Furthermore, just 34% of organisations are using proven regulatory frameworks like the NIST Cybersecurity Framework.

These frameworks provide structured approaches to cybersecurity, helping organisations to implement best practices and meet regulatory requirements.

Leadership accountability in question

The study suggests that these cybersecurity shortcomings may stem from a lack of leadership and accountability at the top levels of organisations.

Globally, nearly half of respondents claimed that their leadership doesn't consider cybersecurity to be their responsibility.

This disconnect between leadership and cybersecurity teams can lead to inconsistent attitudes towards cyber risk, with 54% of UK respondents noting that their organisation's approach varies from month to month.


Bharat emphasises the need for clear leadership on cybersecurity: "Companies need CISOs to clearly communicate in terms of business risk to engage their boards".

Broader implications for UK businesses

The findings raise concerns about the overall cyber resilience of UK businesses.

With 94% of surveyed organisations expressing worries about their attack surface and over a third concerned about their ability to discover, assess and mitigate high-risk areas, there's a clear need for improvement.

These gaps in cybersecurity practices could leave UK businesses vulnerable to increasingly sophisticated cyber threats.

As global regulatory efforts intensify, organisations that fail to address these issues may find themselves struggling to comply with new standards and protect their digital assets.

"Ideally, they should have a single source of truth across the attack surface from which to share updates with the board, continually monitor risk, and automatically remediate issues for enhanced cyber-resilience," Bharat adds.
 


Cyber Magazine is a BizClik brand

 
