New research from Trend Micro has revealed that 54% of global organizations feel their cyber risk assessments are not sophisticated enough – exposing them to ransomware, phishing, IoT and other threats. Respondents also indicated that overly complex tech stacks and lack of awareness from leadership are exacerbating issues.
Many organizations are struggling with manual approaches to attack surface mapping (28%), and 32% report difficulty working with multiple tech stacks. This may explain why only around 40% are able to accurately detail any one of the following based on risk assessments:
- Risk levels for individual assets
- Attack attempt frequency
- Attack attempt trends
- Impact of a breach on any particular area
- Industry benchmarks
- Preventative action plans for specific vulnerabilities
Bharat Mistry, Technical Director at Trend Micro: “We already knew that organizations are concerned about a fast-expanding digital attack surface with limited visibility. Now we know that they also need urgent help to discover and manage cyber risk across this environment. In many cases, the challenge is compounded by siloed point solutions. Organizations must search for a single platform that gives them the certainty and security they require.”
About one third of the IT and business decision makers Trend Micro interviewed say that assessing risk is the main area of attack surface management they struggle with. As a result, over 80% feel exposed to ransomware, phishing and IoT attacks.
The inability of organizations to accurately assess attack surface risk also keeps business leaders in the dark. Over half of respondents struggle to quantify risk exposure to leadership, and only 3% believe their C-suite fully understands cyber risk at present. There’s a clear opportunity here for organizations to leverage third-party expertise.
Two-fifths (39%) of respondents are already invested in a platform-based approach to attack surface management, while half (50%) of respondents say they’d like to do the same. Of those who’ve already made the move, improved visibility (38%), faster breach detection (35%) and accelerated response (34%) are the most cited advantages.
Trend Micro commissioned Sapio Research to interview 6297 IT and business decision makers across 29 countries to compile the study.