Trend Micro Customers Lower Cyber Risk Scores Through Proactive Security
Trend Micro (TYO: 4704) reported a significant improvement in cybersecurity metrics, with its Cyber Risk Index (CRI) score dropping to 38.4 in 2024, a 6.2-point decrease from 2023. The score declined consistently throughout the year, from 42.5 in February to 36.3 in December.
Key findings from the 2024 Cyber Risk Report include:
- Risky cloud app access and stale Microsoft Entra ID accounts were identified as top security risks
- Over one billion organizations had multi-factor authentication disabled
- Europe (23.5 days) and Japan (27.5 days) showed fastest Mean Time to Patch
- Education, agriculture, and construction sectors showed highest risk exposure
- Organizations with above-average CRI were 12 times more likely to suffer ransomware breaches
The report also highlighted emerging AI threats including deepfake phishing and virtual kidnapping scams, while emphasizing AI's potential in strengthening cybersecurity defenses through tools like Trend Cybertron.
Trend Micro (TYO: 4704) ha riportato un miglioramento significativo nei parametri di cybersecurity, con il punteggio del Cyber Risk Index (CRI) che è sceso a 38,4 nel 2024, registrando una diminuzione di 6,2 punti rispetto al 2023. Il punteggio è diminuito costantemente nel corso dell'anno, passando da 42,5 a febbraio a 36,3 a dicembre.
I principali risultati del Rapporto sul Rischio Cyber 2024 includono:
- L'accesso a applicazioni cloud rischiose e gli account Microsoft Entra ID obsoleti sono stati identificati come i principali rischi per la sicurezza
- Oltre un miliardo di organizzazioni aveva disabilitato l'autenticazione a più fattori
- Europa (23,5 giorni) e Giappone (27,5 giorni) hanno mostrato il tempo medio di patch più veloce
- I settori dell'istruzione, dell'agricoltura e delle costruzioni hanno mostrato la maggiore esposizione al rischio
- Le organizzazioni con CRI superiore alla media avevano 12 volte più probabilità di subire violazioni da ransomware
Il rapporto ha anche messo in evidenza le nuove minacce legate all'IA, tra cui il phishing con deepfake e le truffe di rapimento virtuale, sottolineando al contempo il potenziale dell'IA nel rafforzare le difese della cybersecurity attraverso strumenti come Trend Cybertron.
Trend Micro (TYO: 4704) informó una mejora significativa en las métricas de ciberseguridad, con su puntuación del Cyber Risk Index (CRI) cayendo a 38.4 en 2024, una disminución de 6.2 puntos respecto a 2023. La puntuación disminuyó de manera constante a lo largo del año, pasando de 42.5 en febrero a 36.3 en diciembre.
Los hallazgos clave del Informe de Riesgo Cibernético 2024 incluyen:
- El acceso a aplicaciones en la nube arriesgadas y las cuentas obsoletas de Microsoft Entra ID fueron identificados como los principales riesgos de seguridad
- Más de mil millones de organizaciones tenían desactivada la autenticación multifactor
- Europa (23.5 días) y Japón (27.5 días) mostraron el tiempo medio de parcheo más rápido
- Los sectores de educación, agricultura y construcción mostraron la mayor exposición al riesgo
- Las organizaciones con un CRI superior a la media tenían 12 veces más probabilidades de sufrir violaciones por ransomware
El informe también destacó las amenazas emergentes de IA, incluyendo el phishing con deepfake y las estafas de secuestro virtual, al mismo tiempo que enfatizó el potencial de la IA para fortalecer las defensas de ciberseguridad a través de herramientas como Trend Cybertron.
트렌드 마이크로 (TYO: 4704)는 사이버 보안 지표에서 상당한 개선을 보고했으며, 사이버 리스크 지수 (CRI) 점수가 2024년에 38.4로 떨어져 2023년보다 6.2점 감소했습니다. 점수는 2월 42.5에서 12월 36.3으로 일년 내내 꾸준히 감소했습니다.
2024 사이버 리스크 보고서의 주요 발견 사항은 다음과 같습니다:
- 위험한 클라우드 앱 접근과 오래된 Microsoft Entra ID 계정이 주요 보안 위험으로 확인되었습니다
- 10억 개 이상의 조직에서 다단계 인증이 비활성화되었습니다
- 유럽 (23.5일)과 일본 (27.5일)이 가장 빠른 패치 평균 시간을 보였습니다
- 교육, 농업 및 건설 분야가 가장 높은 위험 노출을 보였습니다
- 평균 이상의 CRI를 가진 조직은 랜섬웨어 침해를 당할 가능성이 12배 더 높았습니다
보고서는 또한 딥페이크 피싱 및 가상 납치 사기를 포함한 새로운 AI 위협을 강조했으며, Trend Cybertron과 같은 도구를 통해 사이버 보안 방어를 강화하는 데 있어 AI의 잠재력을 강조했습니다.
Trend Micro (TYO: 4704) a signalé une amélioration significative des indicateurs de cybersécurité, avec un score du Cyber Risk Index (CRI) tombant à 38,4 en 2024, soit une diminution de 6,2 points par rapport à 2023. Le score a diminué de manière constante tout au long de l'année, passant de 42,5 en février à 36,3 en décembre.
Les principales conclusions du Rapport sur le Risque Cyber 2024 incluent :
- L'accès à des applications cloud risquées et des comptes Microsoft Entra ID obsolètes ont été identifiés comme les principaux risques de sécurité
- Plus d'un milliard d'organisations avaient désactivé l'authentification multi-facteurs
- L'Europe (23,5 jours) et le Japon (27,5 jours) ont montré le temps moyen de correction le plus rapide
- Les secteurs de l'éducation, de l'agriculture et de la construction ont montré la plus grande exposition au risque
- Les organisations ayant un CRI supérieur à la moyenne étaient 12 fois plus susceptibles de subir des violations par ransomware
Le rapport a également mis en lumière les menaces émergentes liées à l'IA, y compris le phishing par deepfake et les escroqueries de kidnapping virtuel, tout en soulignant le potentiel de l'IA pour renforcer les défenses de cybersécurité grâce à des outils comme Trend Cybertron.
Trend Micro (TYO: 4704) berichtete von einer signifikanten Verbesserung der Cybersicherheitskennzahlen, wobei der Cyber Risk Index (CRI) im Jahr 2024 auf 38,4 fiel, was einem Rückgang um 6,2 Punkte im Vergleich zu 2023 entspricht. Der Wert sank im Laufe des Jahres kontinuierlich, von 42,5 im Februar auf 36,3 im Dezember.
Wichtige Erkenntnisse aus dem Cyber Risk Report 2024 umfassen:
- Risikobehafteter Zugriff auf Cloud-Anwendungen und veraltete Microsoft Entra ID-Konten wurden als größte Sicherheitsrisiken identifiziert
- Über eine Milliarde Organisationen hatten die Mehrfaktorauthentifizierung deaktiviert
- Europa (23,5 Tage) und Japan (27,5 Tage) zeigten die schnellste durchschnittliche Patch-Zeit
- Die Sektoren Bildung, Landwirtschaft und Bauwesen wiesen die höchste Risikobehaftung auf
- Organisationen mit überdurchschnittlichem CRI hatten ein 12-faches höheres Risiko, Opfer von Ransomware-Angriffen zu werden
Der Bericht hob auch aufkommende KI-Bedrohungen hervor, einschließlich Deepfake-Phishing und virtueller Entführungsbetrug, und betonte das Potenzial der KI zur Stärkung der Cybersicherheitsabwehr durch Tools wie Trend Cybertron.
- Significant improvement in cybersecurity metrics with CRI score dropping 6.2 points
- Consistent monthly decline in risk scores throughout 2024
- Europe achieved substantial seven-point CRI reduction
- Japan maintained lowest average CRI at 34.3
- Quick patch implementation in Europe (23.5 days) and Japan (27.5 days)
- Over one billion organizations identified with disabled multi-factor authentication
- Slow patch implementation in healthcare (41.5 days) and telecoms (38 days)
- High-risk exposure in education, agriculture, and construction sectors
- Organizations with above-average CRI face 12x higher ransomware risk
- Emerging AI-related security threats including deepfake phishing
Newly published report harnesses data from Trend's platform insights on cyber risk
To read the Trend 2024 Cyber Risk Report, please visit: https://www.trendmicro.com/vinfo/us/security/news/threat-landscape/trend-2025-cyber-risk-report
Rachel Jin, chief enterprise platform officer at Trend Micro: "Trend customers are embracing our vision for proactive security by using the AI-powered Trend Vision OneTM Cyber Risk Exposure Management to identify risk and prioritize mitigations. By getting on the front foot, they can build resilience, rapidly contain threats, and become more time and resource-efficient. It's an approach that any organization can emulate with the right mindset and tooling."
The CRI score declined each month throughout the year, from 42.5 in February to 36.3 in December. While organizations remain in the Medium Risk zone, the continued decline in CRI scores reflects real progress in cyber risk reduction. It highlights a growing shift toward continuous security assessment and risk-based decision-making.
Among the highlights from this year's report are:
Most risky events: Risky cloud app access came top, followed by "stale Microsoft Entra ID account." Rounding out the top 10 were email, user account and credential-related risks; many of them misconfiguration-related. Over one billion organizations were logged with multi-factor authentication disabled on Entra ID Accounts, highlighting a clear need for enhanced, automated identity security.
Average Mean Time to Patch (MTTP): The top detected and unpatched CVEs from 2024 were "high severity" Elevation of Privilege (EoP) vulnerabilities published in the first half of the year.
Industry breakdown: Education, agriculture and construction had the highest CRI in 2024, singling them out as the most exposed sectors.
Regional breakdown:
Ransomware: LockBit, RansomHub, and Play ransomware were responsible for the highest number of reported breaches in 2024. According to Trend research, organizations with a CRI above average are around 12 times more likely to suffer a ransomware breach than those below average.
AI: The report highlighted AI-assisted deepfake phishing, virtual kidnapping scams, and automated reconnaissance as key emerging AI threats. However, AI can also empower network defenders to better predict and prevent cyberattacks, such as via the industry-first security LLM Trend Cybertron.
To further lower their CRI, Trend urges global organizations to embrace a proactive security approach by:
- Optimizing security settings to maximize product features and get alerts on misconfigurations, vulnerabilities, and other risks. And leveraging native sensors/third-party sources to build a comprehensive view of the attack surface.
- Contacting the device and/or account owner when a risky event has been detected to verify and investigate using the Vision One Workbench search function.
- Inventorying stale accounts to delete inactive and unused ones, disabling risky accounts, resetting passwords with strong credentials, and enabling multi-factor authentication (MFA).
- Applying the latest patches or upgrading application/OS versions regularly
*Trend Vision One Cyber Risk Exposure Management uses its risk event catalog to formulate a risk score for each asset type and an index score for organizations. It does this by multiplying an asset's attack, exposure, and security configuration by asset criticality. The result is an integer between zero and 100 that falls into one of three levels: Low Risk (0-30), Medium Risk (31-69) and High Risk (70-100).
About Trend Micro
Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, Trend Micro's AI-powered cybersecurity platform protects hundreds of thousands of organizations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, Trend's platform delivers a powerful range of advanced threat defense techniques optimized for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response. With 7,000 employees across 70 countries, Trend Micro enables organizations to simplify and secure their connected world. www.TrendMicro.com.
View original content to download multimedia:https://www.prnewswire.com/news-releases/trend-micro-customers-lower-cyber-risk-scores-through-proactive-security-302409547.html
SOURCE Trend Micro