Tag Archives: GDPR

WannaCry Highlights Major Security Shortcomings Ahead of GDPR D-Day

by Bharat Mistry

For all the panic it caused, WannaCry looks finally to have been contained by organisations round the globe. But this isn’t the time to forget about it and move on. There are valuable lessons to be learned about this attack, why it was so successful and what can be done to prevent it happening again. The unpalatable truth is that many of those organisations caught out by WannaCry earlier this month could face punitive fines if the same kind of thing happens again in a year’s time.

That’s right: the EU General Data Protection Regulation (GDPR) is coming, adding a whole new level of urgency to firms realising they need a major cybersecurity overhaul after WannaCry.

Trend Micro’s TECHDAY a Hit as IT Leaders Tackle Challenge of User Education

by Bharat Mistry

We all know the job of the under-pressure IT boss is getting harder by the day. And as recent revelations from WikiLeaks have shown us, it’s not being made any easier by those institutions nominally designed to keep us safe. With the likes of the CIA allegedly actively developing exploits, the threat landscape is certainly broader and more complex than it has ever been, and that makes mitigating information security risk all the more challenging. That’s why Trend Micro runs events like yesterday’s TECHDAY. They offer a great opportunity for IT practitioners to learn from some of the leading figures in the industry, as well as network with their peers.

Interestingly, one of the key take-aways for Trend Micro after the event was the number of attendees who ranked user education as their top challenge for the year ahead.

It’s Time to Up Cyber Maturity Levels in 2017 – Starting with the Endpoint

by Bharat Mistry

As we close out another eventful year one thing is patently obvious: cyber threats have never represented a bigger risk to firms. Data and security breaches recently revealed at the likes of PayAsUGym, Ryanair, Lynda.com, KFC and more have all provided a timely festive reminder to CISOs of the value of multi-layered threat defence. More concerning still are new stats suggesting UK firms continue to operate with lower levels of security maturity than their US counterparts.

A good way to start the new year would surely be to consider how your organization can be smarter about security in 2017. And that means taking a look first at the endpoint.

Another year of breaches
Even before the catastrophic breaches at Yahoo, which may have affected over 1.5 billion accounts, were revealed, this was already shaping up to be another epic year for the black hats. Perhaps most worrying from the stream of breach incidents we’ve all read about in the news over the past 12 months is the fact that organisations are still making the same old mistakes.

Newly released data from UK-based insurer CFC Underwriting makes for particularly uncomfortable reading. It reveals that the firm handled more than 400 claims on cyber breach policies this year – with the main categories being privacy breaches (31%), financial loss (22%) and ransomware (16%). Now, we don’t have mandatory breach reporting laws in the UK – not until the European GDPR comes into force in 2018, at least. So this is an interesting reminder that, while we might not always hear about them, security incidents are happening – and affecting UK firms every day.

More concerning still is that UK firms apparently represent 8% of the insurer’s policy count, but 17% of its claims count. Why does the UK have a disproportionately high volume of claims? CFC reckons it is because of the low cybersecurity maturity of these organisations.

Start with the endpoint
A comprehensive approach to cybersecurity of course requires multiple layers of protection including web and email gateways, networks and servers – not forgetting the vital “people” and “policy” elements. But many of the attacks which have led to damaging breaches over the past year started at the endpoint – the initial incursion point into the corporate network. We therefore need to start our efforts by better protecting this layer of infrastructure – but it’s not easy given the explosion in endpoints facilitated by cloud, mobile and IoT technologies.

Trend Micro’s answer is XGen: a cross-generational approach reliant on multiple layers of protection. None of these are a silver bullet on their own. But together they can form a formidable defence against the vast majority of known and unknown threats.

It should feature signature and non-signature based tools, including behavioural based filters, app control, exploit prevention and machine learning. The latter has been used for years by Trend Micro. But in this context we’ve made it even more effective at stopping threats by designing capabilities which extract and analyse a suspect file’s characteristics before and during its execution. This helps to reduce false positives and improve accuracy.

Endpoint compromise can play a vital role early on in the cyber kill chain. As we head into 2017, don’t underestimate the importance of gaining visibility and control at this layer. With huge regulatory pressure coming from Europe in 2018, no CISO can afford to ignore it.

CLOUDSEC UK 2016: Trend Micro Research Highlights Importance of GDPR Compliance

by Simon Edwards

If there’s one word that perfectly sums up the past few weeks, it’s: “uncertainty”. Many IT bosses have been left unsure by many things following the referendum result – not least whether they should continue efforts to comply with the European General Data Protection Regulation (GDPR) or assume this is no longer necessary. New Trend Micro research has reaffirmed that compliance is the way to go. Why? Because it reveals a British public fed up with data breaches and increasingly aware of the value of their own data and how it’s used.

If you want to find out more on this and other key security issues and trends of the moment, come down to our annual CLOUDSEC event in London on the 6th of September.