With increased IT modernisation in recent years, Indian organisations are worried about the growing cyber risks that come along with it. A new study reveals that visibility challenges appear to be the main reason organisations are struggling to manage and understand cyber risks in today’s business environment, with 92% stating they are concerned about the ever evolving and broadening attack surface.
An attack surface visibility is any asset exposed to attacks, whether it is on-premise, cloud-based, or managed through third parties. The more cyber assets in an organisation’s environment, the harder it becomes to completely understand its full scope.
Unfortunately, the study by cyber security firm Trend Micro, revealed that on average, organisations in India have only 67% visibility over their complete attack surface and over 39% of organisations feel completely exposed to cyber risk in case of a cloud outage.
The study noted that attack surface visibility is challenging due to various reasons, such as lacking the right tool, or organisations have too many tools that are keeping information in silos, constant technology innovation and lack of visibility, among others.
“IT modernisation over the past two years was a necessary response to the ravages of the pandemic, but in many cases, it unwittingly expanded the digital attack surface, giving threat actors more opportunities to compromise key assets,” said Sharda Tickoo, Technical Director, India and SAARC, Trend Micro.
Investigations into recent data breaches have shown that despite increased investment, companies continue to struggle with managing their attack surface. According to ESG’s 2021 Security Hygiene and Posture Management Survey, two-thirds (67%) of organisations said that their attack surface has increased over the past two years, thanks to greater use of Internet of Things (IoT) and cyber-physical systems. And nearly 70% said they have been compromised via unknown, unmanaged, or poorly managed internet-facing asset in the past year.
The increased exposure to attack has dire implications, as revealed in a 2021 report by IBM Security and Ponemon Institute that the average total cost of a data breach spiked to an all-time high of $4.24 million in 2021.
"While cyber threats come in many forms, from ransomware to phishing to cloud jacking, there’s one thing they all have in common: when your organisation is attacked, it’s through your cyber assets—in other words, users, cloud assets, devices, or elements of your digital environment," it said.
The Trend Micro study can be an eye-opener to CISOs and security experts, for they can play a more vital role in demonstrating good cybersecurity practices, as also suggested by the respondents. “Any attempt to strengthen your security posture has to begin with better visibility, understanding, and management of this landscape: what you have, what it’s connected to, and who owns it,” the study said.