Canadian Underwriter

How your large business clients can manage cyber risks they can’t see

June 14, 2022   by David Gambrill

Humorous mobile cloud computing conceptual image

Print this page Share

In the wake of lifting of pandemic restrictions, digital transformation is becoming so extensive that organizations are having trouble getting a handle on their broadening cyber exposures.

“As organizations grow and incorporate digital and cloud transformation into the fabric of their business, they are unknowingly expanding their attack surface,” said Greg Young, vice president of cybersecurity at Trend Micro.

“By identifying the areas where they struggle the most, companies can determine the correct approach to assess risk and develop a thorough security posture. It’s time for companies to begin using a unified, platform-based approach.”

This is proving easier said than done.

Visibility of expanding cyber risks appears to be a key reason why organizations struggle to manage and understand cyber risk, according to a recent study by cybersecurity firm TrendMicro.

In its global study of 6,297 IT decision-makers in 29 countries, TrendMicro found 60% of Canadian respondents reported blind spots that hamper their ability to manage cyber risk.

Forty-one per cent of Canadian respondents cited their cloud environment as the “most opaque” blind spot. Nearly half (48%) of respondents consider cloud service misconfigurations of cloud assets as the biggest risk exposure when it comes to their organization’s attack surface

On average, respondents estimated having just 57% visibility of their company’s attack surface.

The challenges are multiplied in global organizations, the survey found. And 40% of Canadian respondents claimed being an international enterprise that spans multiple jurisdictions made managing the cyberattack surface harder.

And yet, more than a quarter (27%) said they’re still mapping their systems manually. A further 20% said they outsource this task, which can create further silos and visibility gaps, as TrendMicro observed.

The answer to the issue is a single platform, it said.

“The benefit of a platform-based approach here should be clear,” the firm stated in its final report on the study. “If the platform is extensive enough to cover the entire attack surface — from email and endpoints to networks and the cloud — it will help to eliminate data silos and provide comprehensive visibility into assets.

“That same platform could be configured to deliver continuous protection of those assets via prevention, detection, and response tools and techniques, to minimize security gaps and improve decision-making.

“A platform-based approach will not only reduce expenditure on renewing and managing point products, it also saves stretched IT teams time and effort — freeing them to work on high value proactive security tasks rather than swivel-chair fire-fighting.”


Feature photo courtesy of