A new report from security vendor Trend Micro quantifies the current level of risk most organizations are facing, highlighting how ill-prepared we really are, how many have already been victims, and what attacks to expect next.
When you consider your own organization my guess is that, despite any successful attack specifics, you think of your organization as being relatively secure. And it makes sense: you are likely only going to realize your level of security (or insecurity) once you’ve been a victim of a cyberattack, and just how impactful was that attack sets your standard.
But that can lull you into a false sense of security, because cybersecurity isn’t a static “yes/no” option; it’s a fluid, ever-changing state of keeping the organization protected. So, it becomes necessary to look at empirical data that represents many organizations to see just how you fare to gain a bigger picture view of the current state of organizational security overall.
Trend Micro’s recent Cyber Risk Index report paints a pretty accurate picture of today’s average cybersecurity stance:
- 78% of North American organizations have experienced one or more attacks in the last 12 months
- 15% have experienced seven or more attacks in the last 12 months
- Organizations worldwide rate their cybersecurity preparedness (on a scale of 1-10, with 10 being the best) at only 4.97
- Trend Micro estimate a 77% likelihood that organizations will suffer a critical data breach in the next year
The report goes on to provide details of the top cyber threats per geographic region. In North America, the top threat is Phishing and Social Engineering (it’s number 3 worldwide). This is a tactic that will only go away once it’s no longer providing threat actors with the access they need. And that means users need to stop engaging with phishing email content through the clicking of links and opening of attachments.
It’s only through Security Awareness Training that users will learn how to identify malicious phishing content and avoid engaging with it, materially reducing the risk of attack.
Given the Trend Micro data, it’s evident that organizations just aren’t prepared. It’s time to change that by addressing the top cyber threats head on, putting people, process, and technology in place that counteracts cybercriminal activity.