The Details of the 1H’2021 CRI
Let’s dig into the results a bit further to identify areas of greatest concern across regions.
1. With the global Covid-19 pandemic continuing, and seeing many successful ransomware attacks and breaches, it does appear that many organizations felt their preparedness may be more of a concern now than in the past. Below are the top five security risks around their infrastructure:
a. Organizational misalignment and complexity
b. Desktop or laptop computers
c. Cloud computing infrastructure and providers
d. DNS server environment
e. IOT devices and applications
Organizations continue to be challenged with the complexity of their infrastructures, with cloud implementations and IOT being adopted. This year, it may not be surprising to see (b) above based on the number of successful attacks targeting these computers. The DNS environment is new to this list and may show concerns over successful attackers targeting this area of their networks.
2. Globally, respondents answered the following question with the lowest number for preparedness out of all 31 questions in this area: My organization’s IT security function is able to prevent most cyber-attacks. This was a key area of preparedness that caused the index to be at an elevated risk level.
3. In asking about attacks in the past 12 months and future attacks in next 12 months, the results don’t bode well for 2H’2021. Globally, 81% had 1 or more successful attacks, and 24% had 7 or more successful attacks in the past 12 months. Additionally, 86% say it is somewhat to very likely they will have a successful attack in the next 12 months. This again appears to indicate organizations know they are not prepared enough to defend against new attacks.
The CRI is designed to help organizations understand where their highest risks lie and identify areas where they can improve their preparedness. We cannot change what the attackers will do in the future, but the cyber threat index will continue to help us understand if attackers are being more aggressive. From 2020 to 1H’2021, the three numbers in #3 above all increased, indicating that attackers are likely becoming more aggressive.
For example, we’ve run the CRI 4 times now for N. America and the cyber threat index has stayed consistent, 5.22 in 2018, 5.5 in 2019, 5.22 in 2020 and 5.35 in 1H’2021. So, the biggest areas that can shift the CRI from a negative result to positive results (less risk) are in cyber preparedness which has unfortunately been falling for the past 3 years, 5.34 in 2019, 4.14 in 202, and 4.07 in 1H’2021. Note, a lower CPI means higher risk level.
Based on the results, these are the areas of preparedness that most need work to address the perceived areas of highest risk:
- Ensure the IT security leader (CISO) has sufficient authority and resources to achieve a strong security posture.
- Improve the organization’s ability to know the physical location of business-critical data assets and applications.
- Look to improve the organizational misalignment and complexity of its security infrastructure.
- Train and educate employees about cyber threats and ensure they view cybersecurity as a necessary part of their jobs.
- Adopt cloud computing infrastructure and work with the providers to secure it. Also, educate the staff charged with implementing these new technologies, so they are able do so securely.
- Improve the ability to detect and respond to new attacks and deploy a more connected threat defense infrastructure that limits the number of security solutions and allows visibility across the entire attack lifecycle.
- Look for ways to improve threat sharing and collaboration with other organizations and governments.
The CRI is ongoing, and we update it each year to show trends around the ability to prepare and withstand attacks. I’m looking forward to seeing how the global respondents may change their perceptions in the future.
Until then, enjoy the 1H’2021 CRI results. Check the webpage for more details and assets and to assess your own organization’s CRI against the current results: www.trendmicro.com/cyberrisk.
Read More HERE