Category Archives: Internet of Everything

As CES 2016 Begins, More Reasons for a ‘Bring Your Own Wearables’ Policy

by Bharat Mistry

It might only be the first week in January but already the world’s biggest technology firms are lining up to show you what they’ve been up to over the past 12 months. Wednesday will see the official opening of CES 2016 – the world’s largest consumer electronics trade show. As always, Las Vegas will provide the backdrop as we get a tantalising glimpse into the future – and like last year, much of the focus is likely to centre on the Internet of Things.

But while CES shows us what’s coming down the road, CIOs would do well to remember that smart devices are already finding their way into the enterprise in ever greater numbers. And as they start to sync and share more data than ever before, IT leaders will need to start adapting BYOD plans accordingly.

Extortion, Destruction and Lethal IoT Failures Make 2016 a Year to Watch

by Bharat Mistry

It’s been a pretty hectic 12 months, but for UK CISOs the bad news is that 2016 is unlikely to bring with it any respite. Over the past year we’ve seen a never-ending avalanche of data breaches, nation state espionage attacks and hacktivist campaigns; sophisticated new malware; and a return of some old attack techniques. And all of this against an ever more volatile regulatory compliance backdrop that threatens to turn up the pressure even more next year.

We’ll be doing our bit by continuing to protect our customers from the latest threats with innovative new products, and working with law enforcement to hit the bad guys where it hurts. But security bosses should also start planning now to overcome the key challenges Trend Micro predicts for 2016.

A year in security
Organisations on both sides of the Atlantic showed they are still ill-equipped to cope with targeted attacks and continue to make basic security errors allowing hackers to strike. Whether it was the apparently insider-related attack on infidelity site Ashley Madison or the more traditional targeted intrusions at major US healthcare firms Anthem and Premera and the massive OPM federal breach, it was no real surprise that the data breaches kept on coming in 2015. The UK had its fair share of incidents too, many of which were punished by the Information Commissioner’s Office (ICO). The TalkTalk breach turned out to be less serious than at first thought but shows that some British firms are no better at securing customer data than their global counterparts.

At a nation state level our tracking of the Pawn Storm crew’s attacks on NATO members and the White House proved it’s not just China and the US with cyber espionage capabilities. And a devastating strike which took out several TV5Monde TV channels reminded us of the real world damage that cyber attacks can inflict. It was disappointing to see the results of a new Quocirca study sponsored by Trend Micro which found that although complacency about breaches has dropped this year, 12% of the firms that said they’d been targeted didn’t know whether data had been taken or not. Some didn’t even know how much data they’d lost.

Another study we released, this time with the Ponemon Institute, warned of the threat to privacy and security from nascent IoT technologies.

Fighting back
We’ve done our best to help our customers stem the rising tide of attacks this past year, beyond providing industry leading products which received accolades from the likes of NSS Labs (Deep Discovery), Gartner, the V3 Awards (Deep Security) and the IAIR Awards (cloud security company of the year). Deep Security’s virtual patching capabilities have helped countless businesses continue to run Windows Server 2003 beyond the deadline for end of support earlier this year. And a landmark MoU agreement with the NCA has seen our threat researchers working hand-in-hand with the crime agency on cases – already resulting in the arrest of two suspects in the UK. Those same researchers have also lifted the lid on the shadowy Deep Web cybercrime markets of Japan, China, Germany and beyond in some fantastic reports this year.

We’ve also been awarded the “EICAR trusted IT security” seal of quality for Deep Security, Deep Discovery and OfficeScan – independent proof that none of these products have been tampered with by nation states.

Trouble ahead
But unfortunately the hard work never stops. Already lined up for next year are major changes to the regulatory environment, with the European General Data Protection Regulation and Network and Information Security Directive set to be finalised. And there’s a new Safe Harbour agreement to be thrashed out with US negotiators. Organisations desperately need their own Data Protection Officers (DPOs) to handle these coming compliance requirements and co-ordinate an effective response to data security threats. Yet we predict that fewer than 50% of organisations will have one installed by the end of next year.

Our other predictions for 2016 include the following:

  • Threats will increasingly focus on extortion
  • A failure in at least one consumer-grade IoT device will prove lethal
  • Mobile malware will hit 20 million, driven by China
  • Destructive cyber attacks will increase
  • Ad blocking will kill malvertising
  • Cybercrime prevention efforts will get more successful

Check out our latest report, The Fine Line: 2016 Security Predictions, for more. And we wish you all a very happy Christmas and prosperous New Year.

 

The Internet of Things: it’s in our Hospitals … But is it Safe?

by Bharat Mistry

Many of us probably don’t know it yet, but already the Internet of Things is creeping into every corner of our lives. From connected cars to on-board sensors inside aircraft, wearable fitness bands to smart cities – the possibilities are almost limitless for this new computing paradigm. Healthcare is one industry which has taken to the IoT with gusto, especially in the States where investment in new technologies tends to be ahead of the UK. Yes, networked devices can dramatically improve healthcare outcomes and patient wellbeing. But the problem is that manufacturers just aren’t putting enough thought into security and privacy at the design phase.

The result? Products are rushed to market with major security vulnerabilities, as one new piece of research has just found. Presenting at DerbyCon last weekend, two researchers claimed to have found 68,000 exposed IoT devices at just one unnamed healthcare organization.

Expect the Unexpected as CLOUDSEC Conference Comes to London Next Week

by Raimund Genes

Knowledge is power. Nowhere is this frequently over-used expression more relevant than in the information security industry. After all, how can security managers begin to plan effective cyber defences if they don’t fully understand the ever-evolving threat landscape? At the very least, they need to cast the net as wide as possible to take advantage of a broad range of industry expertise. Documents and articles from commercial vendors, non-profits, academics and others can certainly be a useful source of information. So can threat data generated from specific security tools and systems. But so can trade shows and industry events.

That’s why we’re bringing our popular APAC security conference CLOUDSEC to London for the first time. Held next week on Thursday, 17th September, it’ll be a fantastic place to network with fellow IT professionals, share experience and best practice, and hear from a range of industry experts on the latest cyber security trends.