Remote working and cloud infrastructure top cyber risk for organizations
Trend Micro Incorporated, a global cybersecurity leader, today announced the findings of its latest global Cyber Risk Index (CRI) for the second half of 2021, which revealed that 67% of organizations in Malaysia think they’ll be successfully attacked in the next 12 months, with 22% claiming this is “very likely” to happen.
The findings from the semi-yearly report aim to measure the gap between respondents’ preparedness of attack and their likelihood of being attacked. In the second half of 2021, CRI report surveyed more than 3,400 Chief Information Security Officers (CISOs) as well as IT practitioners and managers across Asia-Pacific, North America, Europe, and South America.
The CRI index value scoring is derived based on a numerical scale of -10 to 10, with -10 representing the highest level of risk. The current CRI in Malaysia stands at 0.37, an increase from the 0.08 CRI score recorded in the first half of 2021, indicating an improvement in the state of cybersecurity preparedness in the country.
In Malaysia, the report revealed that:
- 87% claimed to have suffered one or more successful cyber attacks in the past 12 months
- 31% suffered more than 7 cyber attacks that infiltrated networks/systems
- 26% had more than 7 data breaches of information assets
- 24% suffered more than 7 breaches of customer data over the past year
“To craft effective cybersecurity strategy, organizations must master the art of risk management. This is where reports like the CRI can be a great resource in highlighting areas of possible concern,” said Goh Chee Hoh, Managing Director for Trend Micro Malaysia and Nascent Countries. “As remote working and digital infrastructure threats persist, organizations should adopt a platform-based approach to optimize security whilst minimizing their security sprawl.”
The CRI report also highlighted the top five cyber threats in Asia-Pacific (APAC):
- Phishing and social engineering – attacks that often scam and steal user data with fraudulent messages usually via emails or text with links or attachments
- Botnets – cybercriminals that infiltrate and gain control of the organizations’ network
- Fileless attack – a malware that uses legitimate tools built in the system to execute an attack
- Ransomware – an attack that withholds critical or personal data, usually to extort some form of payment or exchange from its victims
- Denial of Service (DoS) – an attack that disrupts and prevents the daily operational functions of its victims
APAC organizations also ranked the top five negative consequences of an attack as stolen or damaged equipment, cost of outside consultants and experts, regulatory actions or lawsuits, reputation or brand damage, and customer turnover.
When it comes to security risks within IT infrastructure, organizations are most worried about mobile or remote employees, across third-party applications, and mobile devices such as smartphones.
This highlights the ongoing challenge many organizations have around securing the digital investments they made during the pandemic. Such investments were necessary to support remote working, drive business efficiencies and agility, and understand the corporate attack surface.
“Organizations are facing demanding security challenges every day, from software vulnerabilities, data breaches, to ransomware attacks and more,” said Dr. Larry Ponemon, chairman and founder of Ponemon Institute. “The semi-annual survey has been a tremendous asset in evaluating the rapidly evolving cyber risk landscape to help organizations improve security readiness and serving as a guidance in strategic planning.”
To view the full report, CRI 2022, please visit: www.trendmicro.com/cyberrisk