Cybercrime opportunities are spiraling out of control, businesses say, as the expanding attack surface makes risk management a major challenge.
Surveying more than 6,000 IT and business decision-makers in 29 countries for its latest report, Trend Micro said 73% of respondents are worried about the growing attack surface.
More than a third (37%) said their attack surface is “constantly evolving and messy”, while just half (51%) were able to fully define its borders. For 43%, it’s spiraling out of control.
Of all the different challenges businesses face, when securing their endpoints, visibility seems to be the biggest one. Almost two-thirds (62%) admitted to having blind spots, mostly in their cloud environments. The average company sees less than two-thirds (62%) of its attack surface, meaning crooks have more than a third of infrastructure to deploy viruses and other malware on.
Visibility and manual work
The bigger the company, the bigger the problems. Two-thirds (65%) of respondents said that for international enterprises, that work in different jurisdictions, securing the attack surface is an even bigger challenge.
Besides visibility, Trend Micro has also identified manual labor as a major issue. A quarter (24%) are still mapping their systems manually, while roughly a third (29%) do it regionally, spawning additional silos and visibility gaps.
“IT modernization over the past two years was a necessary response to the ravages of the pandemic, but in many cases it unwittingly expanded the digital attack surface, giving threat actors more opportunities to compromise key assets,” said Bharat Mistry, Technical Director at Trend Micro.
> API monitoring: taking visibility to the next level (opens in new tab)
> How to protect yourself and your data online by reducing visibility (opens in new tab)
> SaaS: improving security through application visibility (opens in new tab)
Mistry claims a unified, platform-based approach can help minimize visibility gaps, enhance risk assessment, and better protect a complex, distributed IT environment.
More than half (54%) of global organizations, the report has also found, don’t consider their risk assessment sophisticated enough. Less than half (45%) have a completely well-defined way to assess risk exposure, a third (35%) review it once a month, while less than a quarter (23%) review it daily.
- Protect your premises from cybercrime with the best firewalls around (opens in new tab)