Category Archives: Privacy

Layered Protection: The Only Cure for the Ransomware Epidemic

by Raimund Genes

What’s the number one challenge facing CISOs today? It’s not compliance, budgetary concerns, securing cloud computing or even data breaches – as important as all of these issues are. It’s ransomware. Every day there seems to be a new outbreak. The latest is a double-edged attack campaign apparently combining ransomware and DDoS. But while many cybercriminals are keen to exploit your organisation’s weakest point – its users – via web and email channels, some are looking to attack other parts of the IT infrastructure such as the network and servers.

That’s why CISOs need to ensure their organisation implements layered protection covering all possible weak points. It’s the only way to ensure you stand the maximum chance of avoiding ransomware infection. Continue reading

Banking on Hybrid Cloud: Some Top Security Tips

by Bharat Mistry

A new Wall Street Journal news story this week claims that Amazon Web Services is beginning to make headway in the banking sector. If it’s true it’ll be a major breakthrough for the public cloud provider in an industry which has long been too risk averse and highly regulated for its brand of multi-tenant cloud computing. What the piece doesn’t mention explicitly is that if the notoriously conservative financial services industry is signing up to the public cloud, it’s most likely to be as part of hybrid deployments.

Yet even with a mix of private and public cloud installed to limit risk, organisations must remember that cloud computing brings with it a whole new set of security and management challenges. Forward planning, as always, is everything. Continue reading

Sharing the latest in Global Threat Trends with CLOUDSEC

by Ross Baker

Over the past quarter of a century and more Trend Micro has been protecting individuals and organisations around the world from everything the black hats can throw at us. Over that time we’ve come to appreciate that the value we bring is not just in our global threat analyst teams; our award-winning products for endpoint, virtual, cloud and physical security; or our pioneering Smart Protection Network. It’s also in the alliances we form – from law enforcement to academia, to our peers in the security research community.

That’s why we’ve been hosting the CLOUDSEC security conference since 2011. It’s an event that brings together some of cyber security’s foremost practitioners and speakers to share best practices, and the latest industry trends. For the first time ever, it’s coming to London on the 17th September.

Threats, threats, threats
CLOUDSEC covers many of the hottest topics in cyber security today, including targeted attacks, data protection and privacy; Internet of Everything; cloud and virtual security; and critical national infrastructure threats. But cyber security is nothing without context, so attention is always paid to make sessions as relevant as possible.

Even just a cursory look at the IT security headlines over the past week or two will show you why CLOUDSEC is as relevant today as it was four years ago. There have been reports of major vulnerabilities in so-called “smart watches” – potentially increasing the cyber risk surface for organisations already struggling to manage BYOD. Then there was a damaging cyber attack against the US Census Bureau, for which activist group Anonymous claimed responsibility.

But perhaps the most widely reported breach of recent weeks was that hitting the parent company of infidelity site Ashley Madison. Reports are still emerging as to what happened, but attackers The Impact Group claim they have access to highly sensitive data on 37 million customers globally. If nothing else, the incident can tell us much about the limits of online data privacy in the 21st century, and the level of risk facing online businesses which store customer data.

What to expect
In fact, Communicating Cyber Risk to the Business is one of the sessions slated for CLOUDSEC in London in September, along with other presentations on cyber activism, organised crime, incident response and the Internet of Everything.

Expect a raft of world-renowned experts including Andy Archibald, head of the NCA’s National Cyber Crime Unit; PwC Legal’s global head of cyber security and data protection, Stewart Room; and FBI cyber task force supervisory special agent, Timothy Wallach. Also on hand, of course, will be our very own Trend Micro CTO Raimund Genes, and VP security research, Rik Ferguson.

We all know cyber security is a never-ending learning curve for IT professionals – so if you’re nearby on Thursday, 17 September, come down to CLOUDSEC in London to take another step on that journey.

More info: http://www.cloudsec.com/uk
Twitter: Follow @TrendMicroUK #CLOUDSEC2015

 

 

What we Can Learn from Yet Another Government Data Breach

by Ross Dyer

One of the curious side effects of working in the information security industry for any length of time is that, after a while, the same stories start coming round again and again. So it was last week when the government admitted that two discs full of data related to three highly sensitive police inquiries had got lost in the post. For those with long memories, the echoes of 2007 – when the personal details of 25 million Britons went missing in similar circumstances – are telling. So let’s remind ourselves again of the importance of good data handling practice and what we should all be doing to minimise the risk of a damaging breach. Continue reading