Cyber Threats
Evolved Exploits Call for AI-Driven ASRM + XDR
AI-driven insights for managing emerging threats and minimising organisational risk
I’ve been working in cybersecurity now for over 28 years and been able to have a front row seat in how this industry has evolved and grown over the years. A lot has changed over the years and in my opinion we’re at the beginning stages of a major transformation in how businesses will manage their cybersecurity efforts. In the past, we dealt with mostly script kiddies and spam where the motive was to infect as many people and organisations as possible and the tactic was using email as the method to infect so many. Today, these script kiddies have 20 years of experience in cybercrime and are very good at what they do. We also are seeing more focused attacks targeting pre-selected organisations that will garner the most revenue for the threat actor or the group. The attack surface is now very broad and adversaries will target all of these in order to succeed in attacks. In the past, the traditional model was a best-of-breed, multi-layered strategy because it was the only option. But times have changed, and due to the advancements in technology we can now support a new model. Businesses need to shift as the traditional model has proven unsuccessful in protecting a business from these more sophisticated threat actors who are now working together in ways we never had before. Access as a Service groups have capabilities to penetrate most networks and then sell this access to other groups who perform a different function within the breached network. This may be a data exfiltration group or a ransomware affiliate whose motives are different. This now means that organisations could have multiple groups within their network doing different things that cause challenges for defenders as the traditional model just doesn’t have the ability to see these activities and correlate the activities.
Enter a new model focused on cyber risk, which allows an organisation to look at their cybersecurity posture in a different way. Instead of detection and response that occurs after a breach, this new model looks to minimise risk by identifying the ways in which and adversary may target the network and find the highest risk assets that should be acted upon immediately. Because technologies like AI and Generative AI (GenAI) have improved so much in recent years, we can now do things that we never were able to do at scale in the past. Attack Surface Risk Management (ASRM) tied to an eXtended Detection & Response (XDR) cybersecurity platform is now allowing these organisations to get a handle on their cyber risk and improve their abilities to defend their network from attacks. There are a few things this platform approach has done that has changed the game:
- In the past, cybersecurity vendors relied on their customers to deploy security within their networks and this proved challenging as their networks changed regularly. ASRM now delivers the ability to discover the entire attack surface for these businesses to now give them the visibility they need to identify all their assets.
- AI and GenAI can now manage the massive amounts of data that allows us the ability to analyse the discovered attack surface assets and build a risk score for each of them. It also can prioritise the risk level for each of these assets in order to give the business visibility into what is their highest risk.
- Because we have years of experience in how to improve cybersecurity capabilities, we can now offer mitigation strategies for these assets that will lower the risk identified. Many of these can be automated too so no need to have human intervention.
- Lastly, GenAI is becoming a tool that a business can use to help their employees by offering automated assistance for many of the day-to-day tasks SOC analysts, or IT practitioners do.
Trend Micro has been at the forefront of many of the industry's innovations over its 35 years in cybersecurity. And it is again supporting this by offering our Vision One cybersecurity platform that incorporates both ASRM and native XDR within the console. Every year we’ve been publishing threat reports that share what we’ve seen within our customer networks around the world detailing information about these attacks. With our new ASRM we now are generating risk data from these same customers around the world and today we’re releasing our first ever risk report, Intercepting Impact, 2024 Trend Micro Cyber Risk Report.
The report is based on:
- The risk index metrics calculate the overall risk presented to enterprises through various risk organised in a catalogue with three categories: Exposure, Attack, and Security Configuration.
- Customers can compare themselves to peers by industry, region, and business size and allows us to show data based on these breakdowns
- Trend customers using ASRM and native XDR solutions around the world
- The data was gathered for the 1H 2024
Some key insights that were found in this first report:
- Overall risk score is 43.40 which puts it in the medium risk level for organisations globally.
- Americas has the highest score and Japan the lowest
- Bigger companies have higher risk levels than smaller companies
- When analysing high-risk assets, we found the following had the highest risk levels:
- Accounts accessing risky cloud applications
- Inactive accounts being accessed
- High risk event attached to an email account
- Account sending sensitive information
- Weak account sign-in policies
- Mean Time to Patch had regions average between 29 to 36 days
- Misconfigurations of security products were the cause for high risk scores
These are just some of the key insights seen in this first edition of our cyber risk report and we will continue to publish new versions that will include trending data to give you a sense of whether organisations are improving their cyber risk. To see more detailed information, please read the report.
There are a few things that organisations could focus on based on the information within the report:
- Implement more secure account management policies like enabling multi-factor authentication (MFA) on critical accounts, especially email.
- Look to lower your mean time to patch as adversaries are weaponizing newly found vulnerabilities faster than ever. Virtual patching is a solution you should check out as part of your vulnerability management plan.
- Meet with your existing cybersecurity vendors and perform an audit of their products to ensure you have configured them optimally to protect you.
- Identify if you are using a best-of-breed cybersecurity model and if so, maybe discuss with a vendor like Trend who offers the new platform approach
I hope you enjoy reading this first edition of the Trend cyber risk report, and it can give you some insights into where risk is within many organisations around the world.