Tag Archives: cybersecurity

Head and Shoulders Above the Rest in Endpoint Security as a Gartner Magic Quadrant Leader

by Bharat Mistry

We’re only in the second month of the year and already the threats are coming thick and fast. Just in the past week we’ve heard of a major breach at two popular gaming forums and a ransomware attack which crippled the police CCTV camera network in the US capital. This tells us that the endpoint, frequently the first target in such attacks, must be better protected as we head through 2017. But it can be hard to cut through the marketing hype in such a crowded marketplace.

That’s why Trend Micro is delighted to have been placed highest and furthest in the Leaders quadrant in Gartner’s 2017 Magic Quadrant for Endpoint Protection Platforms (EPP).

It’s Time to Up Cyber Maturity Levels in 2017 – Starting with the Endpoint

by Bharat Mistry

As we close out another eventful year one thing is patently obvious: cyber threats have never represented a bigger risk to firms. Data and security breaches recently revealed at the likes of PayAsUGym, Ryanair, Lynda.com, KFC and more have all provided a timely festive reminder to CISOs of the value of multi-layered threat defence. More concerning still are new stats suggesting UK firms continue to operate with lower levels of security maturity than their US counterparts.

A good way to start the new year would surely be to consider how your organization can be smarter about security in 2017. And that means taking a look first at the endpoint.

Another year of breaches
Even before the catastrophic breaches at Yahoo, which may have affected over 1.5 billion accounts, were revealed, this was already shaping up to be another epic year for the black hats. Perhaps most worrying from the stream of breach incidents we’ve all read about in the news over the past 12 months is the fact that organisations are still making the same old mistakes.

Newly released data from UK-based insurer CFC Underwriting makes for particularly uncomfortable reading. It reveals that the firm handled more than 400 claims on cyber breach policies this year – with the main categories being privacy breaches (31%), financial loss (22%) and ransomware (16%). Now, we don’t have mandatory breach reporting laws in the UK – not until the European GDPR comes into force in 2018, at least. So this is an interesting reminder that, while we might not always hear about them, security incidents are happening – and affecting UK firms every day.

More concerning still is that UK firms apparently represent 8% of the insurer’s policy count, but 17% of its claims count. Why does the UK have a disproportionately high volume of claims? CFC reckons it is because of the low cybersecurity maturity of these organisations.

Start with the endpoint
A comprehensive approach to cybersecurity of course requires multiple layers of protection including web and email gateways, networks and servers – not forgetting the vital “people” and “policy” elements. But many of the attacks which have led to damaging breaches over the past year started at the endpoint – the initial incursion point into the corporate network. We therefore need to start our efforts by better protecting this layer of infrastructure – but it’s not easy given the explosion in endpoints facilitated by cloud, mobile and IoT technologies.

Trend Micro’s answer is XGen: a cross-generational approach reliant on multiple layers of protection. None of these are a silver bullet on their own. But together they can form a formidable defence against the vast majority of known and unknown threats.

It should feature signature and non-signature based tools, including behavioural based filters, app control, exploit prevention and machine learning. The latter has been used for years by Trend Micro. But in this context we’ve made it even more effective at stopping threats by designing capabilities which extract and analyse a suspect file’s characteristics before and during its execution. This helps to reduce false positives and improve accuracy.

Endpoint compromise can play a vital role early on in the cyber kill chain. As we head into 2017, don’t underestimate the importance of gaining visibility and control at this layer. With huge regulatory pressure coming from Europe in 2018, no CISO can afford to ignore it.

Take Control at CLOUDSEC London this September

by Bharat Mistry

At a fundamental level information security is all about taking back control. It’s about reintroducing order into a chaotic and disordered world. But given the era-defining political upheaval the UK is witnessing at the moment, your average CISO could be forgiven for thinking that their job has just become even harder. Well, good security is also about resilience, and having the tenacity and will to stand firm – sometimes against the odds. But you can’t do this alone.

A Brief Guide on How to Stop Ransomware

by Bharat Mistry

Has your organisation ever been hit by ransomware, or do you know of a business which has? It seems the answer to this question for IT leaders is increasingly ‘yes’. In fact, just last week, the FBI was forced to issue yet another warning to US firms, claiming that CryptoWall alone has made its authors a cool $18 million since last April. With ransomware surging as we head through 2015, now would seem like a good time to remind UK organisations just what the risks are, and how to keep business critical data safe from harm.

Looming larger
Aside from the FBI announcement, there have been numerous other warnings from the security industry about the growing threat from this new breed of malware. One survey at Infosecurity Europe this year, for example, found that over one third of enterprises had either suffered an attack, or knew of a firm which had. A further 84% said they would be seriously damaged if they were struck by a direct hit, and nearly one third (31%) claimed they’d have little choice but to pay the ransom if mission critical data was threatened with deletion.

There are, of course, numerous variants of ransomware out there. Early versions like Reveton typically contained a “police theme” – flashing up a message saying the user had broken the law and needed to pay a fee to settle the bogus offence. But the bad news is the cyber criminals have been learning, adapting and getting smarter. Many newer versions like CryptoWall and CryptoLocker have dispensed with the social engineering and introduced strong encryption, with the threat of deleting the victim’s files if the ransom is not paid in full.

These gangs have also been putting more and more of their infrastructure on anonymisation networks like Tor and I2P, in order to make it difficult for the white hats to track and disrupt.

Prevention is the cure
When it comes to ransomware it pays to be prepared. Some versions of the malware cannot be removed so there is a real risk that your most important files may be lost forever.

Here are a few guidelines on what businesses can do to mitigate the risks:

Educate staff – they’re the first line of defence here. Make sure they know the dangers of opening unsolicited messages and clicking on dubious links.

Continuously back up content offline – this will ensure that if the worst happens, you’ll be able to restore the majority of your files.

Keep anti-malware up to date – new ransomware is being developed all the time, so it pays to be able to stop the latest threats.

Patch, patch, patch – a few days ago it emerged that a recently patched Adobe Flash flaw (CVE-2015-3113) was being exploited to drop CryptoWall on machines. Always keep up to date with software and OS security updates.

Consider removal toolkits – a number of vendors have tools to help you remove some strains of ransomware. We have one too!

However, it’s important to remember that these tools are not a silver bullet, so prevention is the way forward when it comes to ransomware.