In Trend Micro’s latest Cyber Risk Index (CRI) report, the increase and risk of cyber attacks in the last year are exposed. According to the new survey, 80% of global organizations indicate that they are likely to experience a data breach affecting their customers’ information in the next 12 months.
The Cyber Risk Index (CRI) conducted in the first half of 2021, surveyed more than 3,600 companies of all sizes and industries in North America, Europe, Asia-Pacific, and Latin America. The CRI is based on a numerical scale from -10 to 10, where -10 represents the highest level of risk. The current global index stands at -0.42, a slight increase from last year, indicating a “high” risk.
Preparing organizations for cyber risks
John Clay, vice president of intelligence, said that the survey found a lot of information to keep CISOs awake, from operational and infrastructure risks to data protection, threat activity, and challenges in a humane way. According to the executive, to reduce cyber risk, organizations must be better prepared by going back to basics, identifying critical data at the highest risk, targeting the threats that matter most to their business, and providing multi-layered protection from end-to-end connected platforms.
In this edition and for the first time, the research analyzed six countries in South America: Peru, Colombia, Argentina, Ecuador, Brazil, and Chile. It was concluded that the latter has a CRI of -0.26, which makes it the country in the region with the highest number of cyber threats. On the other hand, Argentina and Brazil are considered the nations with the best-prepared organizations in terms of cybersecurity with a CRI of 0.6 and 0.19.
One of the indicators that are analyzed in the study is the Readiness Index. It consists of defining how capable organizations are to face a cyber-attack and according to their scale, the lower the number, the greater the risk.
In this evaluation, Chile obtained a 5.3, finding itself again in the lowest position, followed by Peru with 5.47 and Ecuador with 5.49. In this indicator, Argentina and Brazil once again stood out as the best positioned in the area.
Among the top two infrastructure risks was cloud computing. Global organizations gave it a 6.77, ranking it as high risk on the index’s 10-point scale. Also, many respondents admitted that they spend “considerable resources” on risk management from third parties, such as cloud providers.
CYBERSECURITY, THE GREAT CHALLENGE OF HYBRID WORK
For Cristián Rojas, academic of the Continuing Education Program of the Department. of Computer Science from the University of Chile, hybrid work represents important challenges, especially in terms of information security of the companies that adopt it. “In the past, large companies have been affected by attacks. If they – which suppose to have robust systems and specialized professionals – have been violated, it is very likely that the medium-sized ones and with less capacity to develop solutions of this type will also be “.
According to Rojas, organizations now have multiple access points, which attackers can breach. The attack surface offered by organizations is now greater, therefore attacks can be very damaging.
An example of this is the ambiguous or non-existent policies on mobile devices or those used by collaborators to carry out their work in places outside the office. The expert mentioned that the use of it leaves users exposed to scams, data leaks from mobile applications or malware, not to mention exposing information and data from the organizations themselves.
Despite all the measures that an organization can take to protect its data, the human factor is key to not generating spaces of vulnerability or risk in them. Gartner estimates that by 2025 the user will be responsible for 99% of security breaches in the cloud, while Verizon estimated in 2019 that human errors were the cause of 21% of security breaches that occurred in organizations.
Rojas emphasizes that safety must be fundamental for all types of organizations, regardless of their size or activity, even more so considering hybrid work. “This modality will be the one established in the majority of organizations from now on. Maintaining the security of data and systems, giving employees the benefits of flexibility, should be the focus of organizations ”, he concluded.
Main security risks
- Man-in-the-middle attacks
- Data hijacking
- Phishing and social engineering
- Fileless attack
- Botnets
The main security risks for infrastructure remain the same as last year and include misalignment and complexity of the organization, as well as infrastructure and cloud computing providers. Additionally, respondents identified customer churn, loss of intellectual property, and disruption or damage to critical infrastructure as key operational risks for organizations globally.
Finally, the main challenges to cybersecurity readiness include limitations for security leaders who lack the authority and resources to achieve a strong security posture, as well as for organizations struggling to enable security technologies that are sufficient to protect your data assets and IT infrastructure.