Trend Micro Customers Lower Cyber Risk Scores Through Proactive Security
Trend Micro Incorporated, a global
cybersecurity leader, revealed a continued annual decline in its Cyber Risk
Index (CRI) score. The figure stood at an average of 38.4 for the year, down
by 6.2 points from 2023. The data shows a clear trend that organizations
leveraging proactive security approaches are seeing measurable risk reduction.
Rachel Jin, chief enterprise
platform officer at Trend Micro: "Trend customers are embracing our vision
for proactive security by using the AI-powered Trend Vision One™ Cyber Risk
Exposure Management to identify risk and prioritize mitigations. By getting on
the front foot, they can build resilience, rapidly contain threats, and become
more time and resource-efficient. It's an approach that any organization can
emulate with the right mindset and tooling."
The CRI score declined each month
throughout the year, from 42.5 in February to 36.3 in December. While
organizations remain in the Medium Risk zone, the continued decline in CRI
scores reflects real progress in cyber risk reduction. It highlights a growing
shift toward continuous security assessment and risk-based decision-making.
Among the highlights from this year's report are:
Most risky events: Risky cloud
app access came top, followed by "stale Microsoft Entra ID account."
Rounding out the top 10 were email, user account and credential-related risks,
many of them misconfiguration-related. Over one billion organizations were
logged with multi-factor authentication disabled on Entra ID Accounts,
highlighting a clear need for enhanced, automated identity security.
Average Mean Time to Patch
(MTTP): The top detected and unpatched CVEs from 2024 were "high
severity" Elevation of Privilege (EoP) vulnerabilities published in the
first half of the year. Europe (23.5 days) and Japan (27.5 days) recorded the fastest
MTTP of any region, while non-profits (19 days) and the technology sector (22
days) were the fastest verticals. Healthcare (41.5 days) and telecoms (38 days)
were slowest. Trend offers virtual patches to protect customers on average
three months before official vendor updates.
Industry breakdown: Education,
agriculture and construction had the highest CRI in 2024, singling them out as
the most exposed sectors.
Regional breakdown: Europe was
the most improved region, recording a seven-point CRI reduction, possibly as a
result of regulatory pressure from NIS2 and DORA. The Americas and AMEA have
room to improve, while Japan maintained the lowest average (34.3).
Ransomware: LockBit, RansomHub,
and Play ransomware were responsible for the highest number of reported
breaches in 2024. According to Trend research, organizations with a CRI above
average are around 12 times more likely to suffer a ransomware breach than
those below average.
AI: The report highlighted
AI-assisted deepfake phishing, virtual kidnapping scams, and automated
reconnaissance as key emerging AI threats. However, AI can also empower network
defenders to better predict and prevent cyberattacks, such as via the
industry-first security LLM Trend Cybertron.
To further lower their CRI, Trend
urges global organizations to embrace a proactive security approach by:
Optimizing security settings to
maximize product features and get alerts on misconfigurations, vulnerabilities,
and other risks, and leveraging native sensors/third-party sources to build a
comprehensive view of the attack surface.
Contacting the device and/or
account owner when a risky event has been detected to verify and investigate
using the Vision One Workbench search function.
Inventorying stale accounts to
delete inactive and unused ones, disabling risky accounts, resetting passwords
with strong credentials, and enabling multi-factor authentication (MFA).