Despite investing money into cybersecurity, many Canadian organizations \u2014 and their global peers \u2014 admit they still have visibility problems into their IT systems, which complicates their ability to secure vital data.<\/p>\n
According to a recently-released global study for Trend Micro of 6,297 IT and business decision-makers across 29 countries, nearly two-thirds (62%) of all respondents \u2014 including 60% of Canadian participants \u2014 acknowledged having blind spots in trying to secure their attack surface.<\/p>\n
Cloud assets were listed as the area where organizations have the least insight (37% of all respondents and 41% in Canada) followed by networks (34% globally) and end-user assets (29% globally).<\/p>\n
Nearly three-quarters of all respondents said they are concerned with the size of their digital attack surface, with 31% saying they are \u201cvery concerned.\u201d 43% said their attack surface is spiraling out of control.<\/p>\n
The numbers are included in a study on why organizations are having trouble managing cyber risk called Mapping the Digital Attack Surface.<\/a><\/p>\n Greg Young, vice-president of cybersecurity and corporate development at Trend Micro Canada, said the high number of participants admitting there is a visibility problem is good news: At least officials aren\u2019t denying there is a problem.<\/p>\n \u201cIt\u2019s unfortunate technology is changing so much that it creates so many blind spots,\u201d he said in an interview.<\/p>\n \u201cI think what\u2019s happened is a fascination with point solutions, and the James Bond-ian fixation with [protecting against] zero-day attacks has been very unhealthy. We saw this with some [security vendor] companies over-rotating their marketing and scare tactics around zero-days and the like, when technology changes like cloud and IoT are great challenges.<\/p>\n \u201cThe organizations that are leaning forward now are investing their time and money on attack surface management\u201d \u2014 both external and internal \u2014 \u201cand then can I get a picture of risk from that.\u201d<\/p>\n Among the other findings, nearly half of all respondents said misconfiguration of cloud assets is their biggest risk exposure.<\/p>\n That\u2019s a reflection of the fact that cloud security is different from IT security, Young said. And if the organization has moved to a multi-cloud environment, it\u2019s even harder to manage. It doesn\u2019t help that each cloud platform has its own tools for operations and security, he added.<\/p>\n \u201cThere\u2019s some great technology to solve the great percentage of cloud misconfigurations. Cloud security posture management (CSPM) has been around for a few years, and it can work really well for a lot of the issues \u2026 This is one of the cases where you should use automation, use machine learning to see and fix a lot of things.\u201d<\/p>\n The most disappointing response in the survey, Young said, was that only 44% of respondents believe phishing emails are the primary way cyber attacks start. Trend Micro believes the vast majority of attacks start with phishing. \u201cClearly more work needs to be done there,\u201d Young said.<\/p>\n The end goal of gaining visibility and control of the digital attack surface is ultimately to better understand and manage cyber risk, says the report.<\/p>\n It advises IT and security leaders to<\/p>\n \u2013gain visibility into all assets and attack vectors;<\/p>\n \u2013use that data to continuously calculate risk exposure;<\/p>\n \u2013then invest in the right controls to mitigate that risk.<\/p>\n The post IT leaders admit having blind spots in attack surface visibility: Report<\/a> first appeared on IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":" 62 per cent of respondents to a Trend Micro survey admit they can’t see all of their atta<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[19,16],"tags":[391,393,275,480],"class_list":["post-24945","post","type-post","status-publish","format-standard","hentry","category-cloud","category-security","tag-di","tag-security-strategies","tag-top-story","tag-trend-micro"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/24945","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=24945"}],"version-history":[{"count":3,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/24945\/revisions"}],"predecessor-version":[{"id":25606,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/24945\/revisions\/25606"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=24945"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=24945"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=24945"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}