Tag Archives: CLOUDSEC

Countdown to CLOUDSEC: don’t miss this week’s top cybersecurity event

by Bharat Mistry

Reading the IT news headlines every day can have a dizzying effect. Things move at such a pace it can be difficult to detach and see the bigger picture. In just the past few days alone, we’ve seen a major DDoS attack take Wikipedia offline across most of Europe and parts of the Middle East. We’ve also witnessed one of the men behind the notorious Satori IoT botnet plead guilty. And we’ve seen a Japanese car maker become the latest firm to suffer a major BEC incident: this time costing the firm in excess of $37m.

Continue reading

Cloud security has reached a tipping point, but there’s still plenty to do

by Bharat Mistry

Cybersecurity has long been the number one barrier to the manifold benefits offered by cloud computing deployments. But a new report from .uk registry Nominet out this week seems to indicate that security leaders have turned a corner in terms of their perception of related risk. In fact, nearly two-thirds (61%) of UK and US CISOs said they now feel that cloud breaches are just as likely or less likely than on-premises breaches. This is great news, but it’s not the end of the story.

IT security leaders still face multiple challenges securing their cloud data, and there’s a persistent awareness issue around the shared responsibility model. This is where Trend Micro’s CLOUDSEC conference can help: offering help, advice and war stories from a range of global industry experts.

A more secure cloud
Nominet’s report offers a much-needed riposte to the doom-and-gloom cloud threat research that often dominates the news headlines. Aside from the shifting perceptions around the security of cloud deployments, there was welcome news in that the vast majority (92%) of responding organisations use cloud-based security tools, and the fact that over half (57%) expect to increase their budgets for this next year.

However, other findings remind us that securing the cloud is an ongoing challenge for many. Multi-cloud deployments are particularly vulnerable: over half (52%) of responding organisations running multiple clouds said they’d suffered a breach in the past year, versus a quarter of hybrid and single-cloud users. What’s more, 69% of these compromised multi-cloud organisations said they suffered 11-30 breaches — significantly more than those running just one cloud (19%) or hybrid-cloud businesses (13%).

Multiple clouds, often from different vendors, introduces extra complexity which in turn can create additional security gaps that hackers are only too ready and willing to take advantage of. It doesn’t help that in some organisations, different security tools are used to secure different environments. And in others, there’s still confusion over exactly how much of the cloud security model the provider is responsible for (answer: not as much as you might think).

CLOUDSEC returns
Fortunately, Trend Micro’s popular CLOUDSEC conference is back again this year to answer all your questions about cloud security. We’ve got a host of international experts including a former White House CIO, and the current cybersecurity advisor to the UN to add their perspective. Plus, there are Trend Micro’s own VP of Security Research and Director of Forward-Looking Threat Research to take a look at what’s coming down the road over the coming decade.

This year we’ve also listened to feedback by featuring more industry case studies. That’s why you’ll be able to hear from Thomson Reuters Senior Director of Security Platforms and Engineering, Frank Thomas, on Lessons Learned From My Journey To The Cloud. Also featured are Oxford University global CISO, Marko Jung, in a keynote entitled “Threat Hunting – The Journey to the Cloud”. And there’s insight from Stena AB CISO, Magnus Carling, in his presentation: From Titanic Safety to Cybersecurity.

All that, and there’ll be ample opportunity to chat to keynote speakers and peers in an informal setting during the day and well into the evening. Places are going fast so book your spot to avoid disappointment.

What: CLOUDSEC 2019
When: 13 September 2019
Where: Old Billingsgate Market, London

NATO is adapting to the new reality of cyber-threats: CLOUDSEC will help you do the same

by Bharat Mistry

It’s sometimes easy to forget how far and fast the threat landscape has evolved in just a few short years. We now live in a world where attacks by nation states are no longer a threat to just a handful of critical infrastructure (CNI) providers, but virtually any organisation. Accordingly, NATO’s secretary-general has issued a well-timed reminder that the military alliance would hit back hard if one of its member nations is attacked.

NATO is adapting to the “new reality” of cyber-threats that are “more frequent, more complex and more destructive,” he said. CISOs must too: and Trend Micro’s CLOUDSEC conference next month offers a great opportunity to find out how.

A new era
The article by Jens Stoltenberg this week is not the first time NATO has said a serious cyber-attack could invoke Article 5, where an attack against one ally is regarded as an attack on all. However, the fact that he has been forced to repeat the warning is significant. It reflects a new era characterised by aggressive nation state cyber-activity and concerns over just how exposed organisations, and society in general, are to attacks. 

As NotPetya and WannaCry showed us, nation state hackers can cause global chaos to organisations of all shapes and sizes, whether they planned to or not. For smaller firms, such attacks could have a catastrophic impact. New research from insurer Gallagher this week revealed that nearly a quarter of UK SMEs were hit by a “crisis” event cyber-attack last year, costing them a combined £8.8bn. The firm calculated that as many as 57,000 such firms could be at risk of collapse this year if hit by an attack which forced them to stop trading.

Even larger enterprises may find serious ransomware outages and data breaches result in brand and financial damage that’s hard to recover from. For Stoltenberg, the key to mitigating the growing threat from cyberspace is by increasing resources, improving legal and institutional frameworks and sharingexpertise.

CLOUDSEC is here to help
It’s in this last sphere that CLOUDSEC comes into play. This popular one-day cybersecurity conference hosted by Trend Micro annually brings together leading industry experts from academia, law enforcement, government and the private sector to debate the issues of the day. This year is no different. We have a former White House CIO; the UN’s cybercrime advisor; the former head of the UK’s National Cyber Crime Unit; CISOs from Stena, Oxford University and Thomson Reuters; and several threat experts from Trend Micro, among many others.

CLOUDSEC offers a valuable opportunity for attendees tolisten to their insight into the threat landscape and current industry trends, and experiences working in high-profile and extreme high-pressure roles. But that’s not all: the event also offers a fantastic networking opportunity for IT security leaders to hear from their peers in the industry, in an informal setting.

Like NATO, the modern CISO has to contend with a reality today where cyber-threats are the new normal. In this context, gaining as much situational awareness and tactical insight as possible is a no-brainer. Make sure you confirm your place today!

What: CLOUDSEC 2019
When: 13 September 2019
Where: Old Billingsgate Market, London

As Misconfiguration Errors Hit Home, CLOUDSEC Can Light the Path to Improved Cloud Security

by Bharat Mistry

British organisations have always been among the first to adopt new technologies to give themselves a competitive advantage. Cloud computing is no different: in fact, with an adoption rate at over two-fifths (41%), it significantly outpaces the EU-wide average. But while it promises more agile, efficient IT and a platform for innovative digital growth, the cloud can introduce extra uncertainty and security gaps. Prime among these are misconfiguration errors which we have warned about in the past. Now these mistakes are really starting to hurt businesses as hackers get smarter about automating attacks.

IT security teams need to lead the fightback through improved technology, policy and processes. But it can be tricky knowing where to start. That’s where CLOUDSEC 2019 can come in handy. Trend Micro’s popular one-day conference is back in London next month and features expert advice to guide you towards more secure cloud deployments.

Human error exposes data
The research community has been flagging misconfigured cloud databases for several years now. Organisations as diverse as Verizon, Dow Jones and the US Department of Defense have been found wanting as sensitive data stores are discovered exposed online without password protection. Millions of customers and records have been left open to the public in this way, residing on popular platforms like MongoDB, Elasticsearch, and Amazon S3.

The bad news is that attackers are now waking up to the opportunities these security gaps offer. Over the past two months alone we’ve seen:
• Choice Hotels held to ransom after hackers stole 700,000 customer records from a MongoDB instance
• Mexican bookstore Libreria Porrua held to ransom after attackers stole 2.1m records from an unsecured MongoDB database
• A new campaign automatically injecting Magecart digital skimming code into S3 buckets linked to over 17,000 websites
The companies managing these systems have been at pains to point out the issues are not their fault, and they’re right. In fact, it is the customer IT department, or their partner’s, that is to blame, according to the shared responsibility model of cloud security.

Managing cloud risk
To ensure your organisation doesn’t suffer by failing to prevent basic configuration mistakes, there must be a concerted effort to properly map and understand cloud infrastructure.

Consider the following as best practice:
– Perform a comprehensive audit of cloud assets: know what is stored where and how sensitive/high risk the data is.
– Run regular checks to see if there are any misconfigurations which could expose the above assets.
– Restrict access permissions to a policy of “least privilege” and consider adding two-factor authentication for extra security.
– Logging tools and network segmentation can further improve visibility and reduce risk.
– Choose third-party cloud security from a reputable provider like Trend Micro.

CLOUDSEC has your back
One final opportunity to improve your cloud security strategy lies with CLOUDSEC: Trend Micro’s annual security conference taking place in London next month. CLOUDSEC features a host of world-renowned experts including a former White House CIO; the UN’s current cybercrime advisor; CISOs from Oxford University, Thomson Reuters and elsewhere; and Trend Micro threat research leads.

This year, we’re also delighted to have Steven Bryen, Senior Technical Evangelist at Amazon Web Services, to share his wisdom with attendees in a keynote entitled: Improving your Security Posture with the Cloud. It will be a great opportunity to hear first-hand how – when configured correctly – the cloud can actually enhance security rather than lead to extra cyber-related risk.

We’re looking forward to seeing you there!

What: CLOUDSEC 2019
When: 13 September 2019
Where: Old Billingsgate Market, London