Tag Archives: BEC

The view from the CISO at CLOUDSEC 2019

by Ian Heritage

Modern IT security leaders are increasingly caught in the middle: of rapidly professionalising cyber-criminals, nation state hackers, and board demands for more agile, digital-centric systems. Knowing how to mitigate cyber risk whilst supporting business needs to become more efficient and flexible can be a thankless task. That’s why CLOUDSEC this year is devoting more of its time to real-life case studies.

Sometimes the best way to learn what may work for your company is not from a vendor presentation, but by hearing first-hand how a counterpart in another organisation has managed. With that in mind, we’re delighted this year to welcome Magnus Carling, Chief Information Security Officer at Swedish ferry operator Stena AB.

Under attack
The past week alone has seen a raft of stories that perfectly characterise the pressure CISOs are under today. On the one hand, digital transformation projects risk exposing the organisation to threats on a whole new scale. A new Nominet report reveals that 53% of security leaders view security as a top concern, with customer data (60%), cyber-criminal sophistication (56%), an increased attack surface (53%), visibility blind spots (44%), and IoT devices (39%) all cited as issues.

On the other, the threat landscape has never been more varied or fast-changing. BEC scams are rapidly emerging as one of the biggest money-makers out there for cyber-criminals: new stats from the US treasury department claim that these attacks made the bad guys over $300m each month in 2018. CISOs must balance these and other threats like ransomware and crypto-jacking with more traditional attacks including phishing and vulnerability exploitation. One new report claims that over 800,000 machines worldwide are still exposed to the critical Bluekeep flaw – putting them in the firing line of a possible global worm-like campaign.

Sharing best practice
Fortunately, help is at hand. Trend Micro’s CLOUDSEC event has, for five years now, been offering expertise from some of the industry’s biggest names. This year is no exception: it will feature representatives from the United Nations, and luminaries who used to head up the Police National Cyber Crime Unit and the White House CIO’s office, among others including Trend Micro experts.

But we’ve also tried to go one better than previous years, by inviting CISOs from large multi-nationals to share their war stories and provide insight into how they manage the challenges of being a security leader at a time of unprecedented volatility and risk. That’s why we’ve got Magnus Carling along to speak during an industry case studies section of the show. He’ll be joined by Frank Thomas – Senior Director of Security Platforms and Engineering at Thomson Reuters – and another IT security leader to be confirmed.

Magnus is a seasoned CISO with a quarter of a century’s experience ensuring cybersecurity is always a business enabler and not the block on innovation that it can often become. He can also speak with authority about the challenges of regulatory compliance: Stena AB has operations in five areas including ferries, offshore drilling, property and finance. That means Magnus must manage GDPR as well as NIS Directive and a patchwork of other industry regulations.

CLOUDSEC will take place this year in the historic surroundings of Old Billingsgate, the perfect backdrop to explore how technology and cyber threats are forcing traditional industries to rethink their approach in our modern digital age.

Tickets are selling fast, so book now to reserve your place at the show.

What: CLOUDSEC 2019
When: 13 September 2019
Where: Old Billingsgate Market, London

Why Local Government Should Consider Third-Party Expertise to Manage Office 365 Cyber Risk

by Simon Edwards

Local government in the UK is increasingly encouraged to migrate to the cloud to drive efficiencies and improve agility and productivity while minimising costs. Office 365 is an obvious choice here, especially as Microsoft is changing its discount structure to encourage greater take-up. But there’s still a great deal of uncertainty and anxiety in the sector around cloud infrastructure, especially cybersecurity concerns.

That’s why Trend Micro has developed a new white paper for local government IT managers. It explains how working with trusted third-party providers can enhance existing protections in Office 365 and minimise risk as organisations transition away from GSI secure email. Continue reading

Global BEC Disruption is Welcome, But Don’t Forget Email Security

by Bharat Mistry

This week the FBI announced a major international law enforcement operation spanning six months which resulted in scores of arrests and serious disruption to several Business Email Compromise (BEC) campaigns. At Trend Micro we welcome any efforts designed to make it harder for the black hats to make money from their illicit schemes. But we can’t rely on law enforcement alone.

Organisations must also get proactive by improving staff training and education and ensuring they have the kind of email protection capabilities which can spot and block BEC scams. Continue reading

The Year of Online Extortion: Over 81 Billion Threats Blocked in 2016

by Bharat Mistry

Trend Micro blocked an astonishing 81+ billion threats for customers in 2016, according to our newly released TrendLabs 2016 Security Roundup. If any stat speaks of the scale of the challenge facing organisations from online attackers – and the need for comprehensive multi-layered protection – it’s this one. Ransomware unsurprisingly led the way last year, with a 752% increase in new malware families discovered. But it’s Business Email Compromise (BEC) that potentially threatens to cause more problems going forward. Continue reading