The report reveals that the Americas have the highest average risk due to vulnerabilities in the banking sector and the region's attractiveness to cybercrime
During Cybersecurity Awareness Month, Trend Micro, a global leader in cybersecurity, warns of the importance of companies increasing their visibility of the attack surface. This is because the new study* on cyber risk, with metrics by region, organization size, sectors and asset types, reveals that companies still have weak configurations that can compromise their security controls.
“Moving to a more risk-based approach to cybersecurity – covering the entire attack surface, using AI to calculate true risk, and providing mitigating control advice – enables an organization to improve its security posture. This is a game-changer for all industries,” said Jon Clay, vice president of Threat Intelligence at Trend Micro.
Using a catalog of risk events, the Trend Vision One™ platform calculated a risk score for each asset type and an index for organizations by multiplying an asset’s attack, exposure and security configuration by impact. An asset with low business impact and few privileges has a smaller attack surface, while higher-value assets with more privileges have a larger attack surface.
Using this method, the following assets were considered high risk:
Devices: 18 million devices in total, with 620,610 classified as high risk;
Accounts: 44 million accounts in total, with 17,065 classified as high risk;
Cloud Assets: 14.8 million total cloud assets, with 8,088 classified as high risk.
Internet-facing assets: 1 million in total, with 1,141 classified as high risk.
Applications: 8 million requests in total, with 565 classified as high risk.
The number of high-risk devices was much higher than the number of accounts, even though there were more accounts overall. This means that devices have a larger attack surface, meaning they are more susceptible to threats. However, accounts are still valuable because they can grant threat actors access to a variety of resources.
Analysis by region
The report also shows that the Americas have the highest average risk among regions, with an index of 44.6, thanks to vulnerabilities in the banking sector, critical infrastructure and the region’s attractiveness to profit-driven criminals.
Europe is the region that is most likely to patch vulnerabilities, indicating strong security practices. In terms of methods, mining has the highest risk score compared to other verticals, due to its strategic position in global supply chains and large attack surface.
The top risk event detected was access to cloud applications, which presents a high level of risk based on historical application data, known security features, and community knowledge. Old and inactive accounts, accounts with disabled security controls, and sensitive data sent off-network are also noteworthy.
“Organizations need to create an action plan to prevent attacks before they happen, thus reducing overall risk in the short, medium and long term. By opting for a risk-based cybersecurity approach, a company is adopting a proactive rather than reactive strategy, thus staying one step ahead of attackers,” says Trend Micro Brazil’s Technology Director, Flávio Silva.
As the threat landscape evolves, organizations’ ability to identify and manage risks becomes increasingly critical. The Trend Vision One™ platform, with integrated Attack Surface Risk Management (ASRM), provides the tools needed for comprehensive threat visibility and effective risk mitigation.
Click ON HERE to read the full report.
*The report is based on telemetry data from Trend Micro’s Attack Surface Risk Management (ASRM) solution on its flagship cybersecurity platform, Trend Vision One™, as well as native Extended Detection and Response (XDR) tools. It is divided into two parts: user-facing, which assesses risk across assets, processes, and vulnerabilities, and attacker-facing, which maps behaviors, MITRE, and TTPs. Data points are based on telemetry from December 25, 2023, to June 30, 2024.
About Trend Micro
Trend Micro, a global leader in cybersecurity, helps make the world a safer place to exchange digital information. Powered by decades of cybersecurity expertise, global threat research, and continuous innovation, Trend Micro’s AI-powered cybersecurity platform protects hundreds of thousands of individuals and organizations across the cloud, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, Trend Micro delivers a powerful array of advanced threat defenses optimized for environments such as AWS, Microsoft, and Google, and central visibility for faster, better detection and response. With 7,000 employees across 70 countries, Trend Micro enables organizations to secure and simplify their connected world.
Site: www.trendmicro.com/pt_br/business.html
Twitter: TrendmicroBR
Linkedin: www.linkedin.com/company/trend-micro-brasil/
EN 
PT 
