We all know the UK is under attack on an unprecedented scale. A government report from 2016 claimed two-thirds of large businesses had been hit over the past 12 months. The launch of the National Cyber Security Centre will help, of course. But for IT and business leaders looking to craft an effective cyber response, it’s vital to know what’s actually happening on the ground. That’s why Trend Micro recently interviewed hundreds of decision makers on the IT coal face. With their feedback, we produced a report which will help to reveal the scale of the problem facing firms, their key cybersecurity challenges, major areas of weakness, and what IT teams are doing to respond.
We found that the vast majority favour a coordinated, multi-layered approach featuring advanced security tools from a single, established vendor.
We’re only in the second month of the year and already the threats are coming thick and fast. Just in the past week we’ve heard of a major breach at two popular gaming forums and a ransomware attack which crippled the police CCTV camera network in the US capital. This tells us that the endpoint, frequently the first target in such attacks, must be better protected as we head through 2017. But it can be hard to cut through the marketing hype in such a crowded marketplace.
Recent headlines have highlighted once again that many organisations are just a click away from a potentially catastrophic malware infection or data breach. Papworth Hospital in Cambridgeshire, a world-leading heart and lung hospital, was lucky enough to have daily back-ups in place when it was recently hit by a ransomware attack. North Lincolnshire and Goole NHS Foundation Trust was less fortunate, and ended up cancelling operations and moving patients elsewhere after IT systems were taken offline for several days.
Many endpoint security vendors trumpet their capabilities as a silver bullet to tackle these and other modern-day threats. It’s a tempting prospect, but sadly there is little substance to back up the claims. The truth is that the only way to effectively protect your organisation from the multiplicity of threats out there is with a multi-layered approach, which runs from traditional signature-based detection to advanced machine learning.
Indicators of compromise (IOCs) are incredibly important forensic artifacts which, as the name suggests, are used in incident response and threat research to discover if a system has been compromised. They come in various forms, for example, unusual outbound network traffic, an MD5 file in a temporary directory, or even log-in irregularities. One class of IOCs so far resistant to detection by traditional methods relates to the use of external content in web-based attacks.
At Black Hat Europe earlier today, Trend Micro senior security researcher Marco Balduzzi explained how a new machine learning approach can reap fantastic results for early detection of such threats.