Trend Micro Warns Devices and Accounts are Highest-Risk Assets
Trend Micro's 2024 Cyber Risk Report highlights critical vulnerabilities and offers new ways to prioritize risk management. The report, based on data from Trend Vision One™ platform, calculates risk scores for various asset types. Key findings include:
- Devices and accounts are the highest-risk assets
- 877,316 devices and 12,346 accounts classified as high-risk
- Americas has the highest average risk index (43.4)
- Mining sector has the highest risk score
- Pharmaceuticals patch vulnerabilities fastest
The report emphasizes the need for greater visibility into risk across attack surfaces and recommends steps to mitigate cyber risk, including optimizing security settings, investigating risky events, disabling or resetting risky accounts, and regular patching.
Il Rapporto sulle Cyber Rischi 2024 di Trend Micro evidenzia le vulnerabilità critiche e offre nuovi modi per dare priorità alla gestione del rischio. Il rapporto, basato sui dati della piattaforma Trend Vision One™, calcola i punteggi di rischio per vari tipi di asset. I risultati chiave includono:
- I dispositivi e gli account sono gli asset a più alto rischio
- 877.316 dispositivi e 12.346 account classificati come ad alto rischio
- Le Americhe hanno l'indice di rischio medio più alto (43,4)
- Il settore minerario ha il punteggio di rischio più alto
- L'industria farmaceutica applica le patch nel modo più rapido
Il rapporto sottolinea la necessità di una maggiore visibilità sui rischi attraverso le superfici di attacco e raccomanda passi per mitigare il rischio cibernetico, tra cui l'ottimizzazione delle impostazioni di sicurezza, l'indagine su eventi rischiosi, la disabilitazione o il ripristino di account rischiosi e l'applicazione regolare delle patch.
El Informe sobre Riesgos Cibernéticos 2024 de Trend Micro destaca las vulnerabilidades críticas y ofrece nuevas formas de priorizar la gestión del riesgo. El informe, basado en datos de la plataforma Trend Vision One™, calcula los puntajes de riesgo para varios tipos de activos. Los hallazgos clave incluyen:
- Dispositivos y cuentas son los activos de mayor riesgo
- 877,316 dispositivos y 12,346 cuentas clasificadas como de alto riesgo
- Las Américas tienen el índice de riesgo promedio más alto (43.4)
- El sector minero tiene el puntaje de riesgo más alto
- La industria farmacéutica actualiza parches más rápidamente
El informe enfatiza la necesidad de una mayor visibilidad del riesgo en las superficies de ataque y recomienda pasos para mitigar el riesgo cibernético, incluyendo la optimización de la configuración de seguridad, la investigación de eventos de riesgo, la desactivación o reinicio de cuentas de riesgo y el parcheo regular.
트렌드 마이크로의 2024 사이버 리스크 보고서는 중요한 취약점을 강조하고 리스크 관리를 우선시하는 새로운 방법을 제공합니다. 이 보고서는 트렌드 비전 원(Trend Vision One™) 플랫폼의 데이터를 기반으로 다양한 자산 유형에 대한 리스크 점수를 계산합니다. 주요 발견 사항은:
- 장치와 계정이 가장 높은 리스크 자산입니다
- 877,316개의 장치와 12,346개의 계정이 높은 리스크로 분류됨
- 아메리카 지역이 가장 높은 평균 리스크 지수(43.4)를 보임
- 광업 부문이 가장 높은 리스크 점수를 기록
- 제약 산업이 패치를 가장 빠르게 적용함
이 보고서는 공격 표면 전반에 걸쳐 리스크에 대한 가시성이 더 필요함을 강조하고 사이버 리스크를 완화하기 위한 조치로 보안 설정 최적화, 위험한 사건 조사, 위험한 계정 비활성화 또는 재설정, 정기적인 패치 적용 등을 권장합니다.
Le Rapport sur les Risques Cyber 2024 de Trend Micro met en lumière les vulnérabilités critiques et propose de nouvelles façons de prioriser la gestion des risques. Le rapport, basé sur les données de la plateforme Trend Vision One™, calcule des scores de risque pour divers types d'actifs. Les principales conclusions incluent:
- Les dispositifs et les comptes sont les actifs à haut risque
- 877 316 dispositifs et 12 346 comptes classés à haut risque
- Les Amériques ont l'indice de risque moyen le plus élevé (43,4)
- Le secteur minier a le score de risque le plus élevé
- L'industrie pharmaceutique applique les correctifs le plus rapidement
Le rapport souligne la nécessité d'une meilleure visibilité des risques à travers les surfaces d'attaque et recommande des mesures pour atténuer les risques cybernétiques, notamment l'optimisation des paramètres de sécurité, l'examen des événements risqués, la désactivation ou la réinitialisation des comptes risqués, et le patching régulier.
Der Cyber-Risiko-Bericht 2024 von Trend Micro hebt kritische Schwachstellen hervor und bietet neue Wege zur Priorisierung des Risikomanagements. Der Bericht, basierend auf Daten der Trend Vision One™-Plattform, berechnet Risiko-Scores für verschiedene Asset-Typen. Die wichtigsten Ergebnisse umfassen:
- Geräte und Konten sind die risikoreichsten Assets
- 877.316 Geräte und 12.346 Konten werden als Hochrisiko eingestuft
- Die Americas haben den höchsten durchschnittlichen Risikoindex (43,4)
- Der Bergbausektor hat den höchsten Risikoscore
- Die Pharmaindustrie behebt Schwachstellen am schnellsten
Der Bericht betont die Notwendigkeit eines besseren Überblicks über Risiken in Angriffsoberflächen und empfiehlt Schritte zur Minderung von Cyber-Risiken, einschließlich der Optimierung von Sicherheitseinstellungen, der Untersuchung riskanter Ereignisse, der Deaktivierung oder Zurücksetzung riskanter Konten und regelmäßigen Patchings.
- Trend Micro's Vision One™ platform provides comprehensive threat visibility and risk mitigation tools
- The report offers granular metrics by region, company size, industry, and asset type
- Europe is the quickest region to patch vulnerabilities, indicating strong security practices
- Pharmaceuticals sector patches vulnerabilities fastest, reflecting importance of data protection
- 877,316 devices and 12,346 accounts classified as high-risk
- Americas has the highest average risk index among regions (43.4)
- Mining sector has the highest risk score due to large attack surface and position in global supply chains
- Many weak configurations detected, especially around security control settings
Cyber Risk Report highlights critical vulnerability, offers new ways to prioritize risk management
To read a full copy of the report, Intercepting Impact: 2024 Trend Micro Cyber Risk Report, please visit: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/intercepting-impact-2024-trend-micro-cyber-risk-report
Jon Clay, VP of threat intelligence at Trend Micro: "Trend's cyber risk report shares key insights on where risks are greatest within organizations such as weak security controls, misconfigurations, and unpatched actively exploited vulnerabilities. Shifting towards a more risk-based approach to cybersecurity—discovering the entire attack surface, using AI to calculate the actual risk, and providing mitigating controls advice—allows an organization to improve its cybersecurity posture like never before. This is a game changer for the industry."
Using a risk event catalog, the Trend Vision One™ platform calculates a risk score for each asset type and an index for organizations by multiplying an asset's attack, exposure, and security configuration by impact. An asset with low business impact and few privileges has a smaller attack surface, while higher-value assets with more privileges have a larger attack surface.
The following assets are the most at risk:
- Devices: 22.6 million total devices, with 877,316 classified as high-risk.
- Accounts: 53.9 million total accounts, with 12,346 classified as high-risk.
- Cloud Assets: 14.5 million total cloud assets, with 9,944 classified as high-risk.
- Internet-Facing Assets: 1.1 million total, with 1,661 classified as high-risk.
- Applications: 8.8 million total applications, with 489 classified as high-risk.
The number of high-risk devices is much higher than that of accounts, even though there are more accounts in total. Devices have a larger attack surface—i.e., they can be targeted with more threats. However, accounts are still valuable as they can grant threat actors access to various resources.
Elsewhere, the report also found:
Americas has the highest average risk index among regions, with an average risk index rating of 43.4, driven by vulnerabilities in the banking sector and critical infrastructure and the region's attractiveness to profit-driven actors.Europe is the quickest region to patch vulnerabilities, indicating strong security practices.- Mining has the highest risk score of any vertical due to its strategic position in global supply chains and large attack surface.
- Pharmaceuticals are the fastest sector to patch vulnerabilities by several days, reflecting the importance of protecting sensitive data.
- The top detected risk event is accessing cloud applications with a high risk level based on historical application data, known security features, and community knowledge.
- Old and inactive accounts, accounts with disabled security controls, and sensitive data being sent outside the network are other risk events with high event counts.
The report also uncovered many weak configurations that could lead to compromise, especially around security control settings.
As the threat landscape continues to evolve, organizations' ability to identify and manage risks is becoming increasingly crucial. The Trend Vision One™ platform, with its integrated Attack Surface Risk Management (ASRM), provides the necessary tools for comprehensive threat visibility and effective risk mitigation.
The following steps are recommended to help mitigate cyber risk:
- Optimize product security settings to get alerts on misconfigurations.
- When a risky event is detected, contact the device and/or account owner to verify the event. Investigate the event using the Trend Vision One™ Workbench search function to find more information about or check event details on the product management server.
- Disable risky accounts or reset them with a strong password and enable multi-factor authentication (MFA).
- Apply the latest patches or upgrade application and operation system versions regularly.
*The report is based on telemetry data from Trend Micro's Attack Surface Risk Management (ASRM) solution in its flagship cybersecurity platform, Trend Vision One™, plus the native eXtended Detection and Response (XDR) tools. It's divided into two sections: the user side covers risk in assets, processes, and vulnerabilities, while the adversary side maps adversary behaviors, MITRE, and TTPs. Data points are based on telemetry from December 25, 2023, to June 30, 2024.
About Trend Micro
Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, Trend Micro's AI-powered cybersecurity platform protects hundreds of thousands of organizations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, Trend's platform delivers a powerful range of advanced threat defense techniques optimized for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response. With 7,000 employees across 70 countries, Trend Micro enables organizations to simplify and secure their connected world. www.TrendMicro.com.
View original content to download multimedia:https://www.prnewswire.com/news-releases/trend-micro-warns-devices-and-accounts-are-highest-risk-assets-302258020.html
SOURCE Trend Micro Incorporated
FAQ
What are the highest-risk assets according to Trend Micro's 2024 Cyber Risk Report?
Which region has the highest average risk index in Trend Micro's 2024 Cyber Risk Report?
What industry sector has the highest risk score according to Trend Micro's 2024 Cyber Risk Report?