SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Customer records compromised in 29% of NZ orgs - Trend Micro
Thu, 24th Nov 2022
FYI, this story is more than a year old

Trend Micro Incorporated has announced that 29% of New Zealand organisations have had customer records compromised multiple times over the past 12 months as they struggle to profile and defend an expanding attack surface.

The findings come from Trend Micro's semi-annual Cyber Risk Index (CRI) report, compiled by the Ponemon Institute from interviews with contributions from more than 4,100 organisations across North America, Europe, Latin/South America, and Asia-Pacific.

Mick McCluney, ANZ Technical Director at Trend Micro, comments on the trend saying, "You can't protect what you can't see. But with hybrid working ushering in a new era of complex, distributed IT environments, many organisations are finding it difficult to eradicate growing security coverage and visibility gaps. To avoid the attack surface spiralling out of control, they need to combine asset discovery and monitoring with threat detection and response on a single platform."

The CRI calculates the gap between organisational preparedness and the likelihood of being attacked, with -10 representing the highest level of risk.

The New Zealand CRI index moved from 0.03 in 2H 2021 to 0.12 in 1H 2022, indicating a surging level of risk over the past six months. This trend is also reflected elsewhere in the data - the number of New Zealand organisations experiencing a 'successful' cyber attack increased from 87% to 99% over the same period. The number expected to be compromised over the coming year has remained the same at 91%.

Some of the top preparedness risks highlighted by the index report are related to attack surface discovery capabilities. The researchers state, it is often challenging for security professionals to identify the physical location of business-critical data assets and applications.

From the business perspective, the biggest concern is communication between CISOs and business executives. Based on the scores given by Australian respondents, organisation with IT security leaders reporting to senior leadership (such as the CEO, COO or CIO) only has a score of 4.71 out of 10. By addressing the shortage of cybersecurity professionals and improving security processes and technology, organisations will significantly reduce their vulnerability to attacks, the researchers comment.

Overall, respondents rated the following as the top cyber threats in 1H 2022: business email compromise (BEC), advanced persistent threats, botnets, crypto-mining, and phishing and social engineering.

Dr. Larry Ponemon, Chairman and Founder of Ponemon Institute, comments, "The CRI continues to provide a fascinating snapshot of how global organisations perceive their security posture and the likelihood of being attacked. The stakes couldn't be higher in the face of stiff macroeconomic headwinds. Respondents pointed to the high cost of outside expertise, damage to critical infrastructure, and lost productivity as the main negative consequences of a breach."