Category Archives: Research

Why Defence in Depth Should be Key for All CISOs Heading into 2017

by Bharat Mistry

The evolution of the threat landscape is a tricky thing to predict. After all, the nation states, cybercrime gangs and lone hacktivists we track always have the advantage of surprise. Just a few days ago we learnt of yet another new ransomware threat, for example. This one, dubbed “Popcorn Time”, even tries to lure victims into spreading the malware themselves, in return for a decryption key. It’s yet another example of the kind of black hat ingenuity we outline in our new 2017 predictions report, The Next Tier.

As attackers continue to evolve and hone their skills, the UK’s IT leaders must look towards a multi-layered combination of security tools to effectively mitigate risk on the endpoint.

Tip of the iceberg
Popcorn Time is just the tip of the iceberg. As Trend Micro predicts in the new report, new varieties of ransomware are likely to grow by 25% next year as cybercriminals look to target their wares at new systems and sectors. Those in heavy industry might find themselves particularly exposed as attackers realise these organisations are more likely to pay a significant sum to get mission-critical production equipment back online. Even ATM and POS systems could be a target for similar reasons.

There will certainly be no shortage of vulnerabilities to exploit. But you may be surprised at their origin. As PC shipments decline and Microsoft gets better at securing its software, expect Apple and Adobe vulnerabilities to accelerate faster than newly discovered bugs in the Redmond giant’s systems. In fact, 2016 saw Adobe already outpace Microsoft on this front, while Apple had its biggest year to date in terms of the number of bugs found in its products. Vulnerability shielding as part of multi-layered protection is the best way to guard against zero-day and unpatched flaws.

There’s also likely to be a great deal of innovation next year right at the top of the black hat evolutionary ladder – targeted attacks. New and unexpected techniques could stretch organisations to the limit unless they plan carefully. Hackers will scan for sandbox use in a bid to circumvent these next generation filters, and virtual machine (VM) escape bugs will become highly prized on the cybercrime underground for similar reasons.

Defence in depth
The key is not to rely on one or even a small handful of technologies. There isn’t a product on the planet that can stop everything the black hats can throw at us. That’s why it pays to invest in multiple layers of defence. These should range from web and email gateway protection, web reputation and app whitelisting to behaviour and integrity monitoring. The beauty of this approach is that if a threat manages to slip past one layer of protection it should eventually be blocked by another.

That’s what our XGen approach is all about – combining multiple layers of cross-generational threat protection to provide the best possible chance of deflecting attack. Sitting right at the top is high fidelity machine learning designed to extract and analyse a file’s characteristics before and during its execution. This helps to reduce false positives and improve accuracy.

As we head into 2017, this is the best chance organisations have of effectively managing cybersecurity risk.


With Ransomware and BEC Soaring, it’s Time to Take Control of Email Security

by Bharat Mistry

Sometimes being right is a double-edged sword when it comes to cybersecurity. Trend Micro predicted late last year that 2016 would be the year of online extortion. And lo and behold, over halfway into 2016, ransomware is breaking all records: we discovered 79 new families in the first six months of this year alone, a 172% year-on-year increase. That’s no comfort, of course, to the countless organisations around the world that have suffered at the hands of the online extortionists. Meanwhile, Business Email Compromise (BEC) scams have already netted cybercriminals an estimated $3 billion in profits.

The latest figures from Trend Micro tell us organisations in EMEA are most at risk globally from ransomware. Together with whaling (BEC) attacks, they represent a major challenge for IT security leaders and one that needs to be addressed with urgency. For those looking for some inspiration, the upcoming CLOUDSEC conference in London will offer the perfect opportunity to learn best practice in this space.

Why SMBs Need to Start Thinking About Cyber Security… Now!

by Bharat Mistry

Small and medium-sized businesses are far more important to UK PLC than many people think. The CBI claims that they account for 99.9% of the private sector and provide 60% of jobs in the sector. And the Department for Business Innovation and Skills (BIS) claims the combined annual turnover of SMEs was £1.6 trillion as of last year, 47% of the total private sector. This makes them an attractive target for cybercriminals, yet many fail to take adequate precautions to secure their IT systems and customer data.

As a trusted advisor to UK small businesses, we recently commissioned research into attitudes towards cyber security. The findings will be an eye-opener for any SME owner who thinks their business too small and insignificant to be targeted by cybercriminals. Join the conversation this week during Small Business Advice Week and follow #SBAW for the latest updates.

Security Flaws Common on Most Popular Smartwatches

by Bharat Mistry

According to a new piece of research we conducted with First Base Technologies, the security features on some of the market’s most popular smartwatches have been found to be poor.

Our study, which revealed security flaws in all six of the big-brand smartwatches on the market, stress-tested devices on physical protection, data connections and information stored to provide definitive results on which ones pose the biggest risk to consumers.