Tag Archives: enterprise security

Securing Cloud Workloads: Making DevSecOps a Reality at VMworld Europe

by Bharat Mistry

You might have noticed new official ONS figures claiming a 30% drop in cybercrime in the UK over the past year. But don’t be misled by the headline stats: the truth is that threats, especially against organisations, are on the rise. Trend Micro blocked over 20.4 billion of them in the first half of the year alone. The risks are especially pronounced during the app development lifecycle when the focus can sometimes fall too heavily on time-to-market, at the expense of security. That’s why cloud workload security is one of the top two IT budget priorities for 2019, according to a new study.

As organisations increasingly look to DevOps to drive innovation and growth, the need to seamlessly integrate security controls pre-deployment and at runtime becomes more urgent. Join us at VMworld Europe next month to find out how Trend Micro is helping global organisations manage these challenges. Continue reading

Why Local Government Should Consider Third-Party Expertise to Manage Office 365 Cyber Risk

by Simon Edwards

Local government in the UK is increasingly encouraged to migrate to the cloud to drive efficiencies and improve agility and productivity while minimising costs. Office 365 is an obvious choice here, especially as Microsoft is changing its discount structure to encourage greater take-up. But there’s still a great deal of uncertainty and anxiety in the sector around cloud infrastructure, especially cybersecurity concerns.

That’s why Trend Micro has developed a new white paper for local government IT managers. It explains how working with trusted third-party providers can enhance existing protections in Office 365 and minimise risk as organisations transition away from GSI secure email. Continue reading

IoT Security Still an Afterthought for Many IT Leaders — This Must Change

by Simon Edwards

IoT security is new frontline in the battle against enterprise cyber-threats. As more smart endpoints are connected to corporate networks, the potential for mass data theft, service outages, sabotage and more will only increase. Yet new Trend Micro research reveals that only half (53%) of IT and security decision makers regard IoT as a security risk. This is a major miscalculation that could cost their organisations dear in the long run.

You need to start planning now for ways to mitigate the new risks presented by IoT technologies. Our annual CLOUDSEC show in September will also provide some much-needed best practice advice in this area. Continue reading

Latest Sextortion Campaign Highlights Impact of Poor Corporate Security

by Bharat Mistry

The UK’s national fraud and cybercrime reporting centre is warning UK netizens of a new sextortion campaign in which the attackers threaten to publish an intimate webcam video of their victims. They make the threat more realistic by including a genuine password that the victim has used in the past. While user education is the most effective way to counter this kind of opportunistic digital blackmail, the case highlights yet again the potential downstream impact of corporate breaches.

By improving enterprise security standards across the board and migrating away from password-based systems, organisations can not only reduce data breach costs but also the knock-on effects of PII compromise that may haunt customers for years.

A new take
Online extortion is nothing new, in fact it’s what has made ransomware such a popular money-maker for cyber-criminals. But this campaign is slightly different in that it includes the victim’s password in the subject line. Action Fraud claimed to have contacted several of the 110+ victims who reported the unsolicited scam email and they confirmed the credential to be recent. It’s more than likely that they were bought on a dark web site, after originally being stolen from an online provider.

Having grabbed the recipient’s attention by posting the valid password, the extorter then claims to have recorded a webcam video of the individual watching pornography, and to have used malware to harvest all of their social media contacts. Users are required to pay $2,900 in Bitcoin within 24 hours.

The email concludes:

“If I do not receive the BitCoins, I will definately send out your video recording to all of your contacts including close relatives, co-workers, and many others. Nevertheless, if I receive the payment, I’ll destroy the video immidiately. If you need evidence, reply with “Yes!” and I will send your video to your 10 friends. It is a non-negotiable offer, therefore do not waste my time and yours by responding to this message.”

What can we learn?
Action Fraud is quite rightly urging netizens not to panic, not to pay up and to always respond to any unsolicited message like this critically. It also pays to cover up your webcam, just in case. While this sextortion campaign is clearly a scam, previous ones have used malware to genuinely record individuals via their webcams. In fact, it was estimated in 2016 that thousands of Brits are likely caught out by such attacks each year, with at least four suicides linked to the trend.

But pulling back even further, this particular scam campaign is made possible in part via breached credentials. One could argue that if organisations worked harder to secure customer data in the first place, as the GDPR demands, there would be fewer opportunities for follow-on blackmail and fraud. That means choosing a trusted partner to provide security at every layer of your infrastructure, from endpoint to web/email gateway, network and server. Trend Micro’s cross-generational blend of cyber-defence tools is optimised to offer protection where you need it most from the huge range of modern threats.

Best practice security today also dictates moving away from static password-based systems for your employees and customers and towards multi-factor authentication. With no passwords to steal, breaches become harder to carry out and the resulting impact on users diminishes.

Scams like this one are just the tip of the iceberg and we could see an escalation in similar blackmail attempts using breached PII as a highly effective social engineering tactic. The GDPR should be your guide here. Only with improved security processes backed up with state-of-the-art technologies can organisations minimise opportunities for the cyber-criminals and reduce the risk of long-term post-breach brand damage.