Tag Archives: London

The view from the CISO at CLOUDSEC 2019

by Ian Heritage

Modern IT security leaders are increasingly caught in the middle of rapidly professionalising cyber-criminals, nation state hackers, and board demands for more agile, digital-centric systems. Knowing how to mitigate cyber risk whilst supporting business needs to become more efficient and flexible can be a thankless task. That’s why CLOUDSEC this year is devoting more of its time to real-life case studies.

Sometimes the best way to learn what may work for your company is not from a vendor presentation, but by hearing first-hand how a counterpart in another organisation has managed. With that in mind, we’re delighted this year to welcome Magnus Carling, Chief Information Security Officer at Swedish ferry operator Stena AB.

Under attack
The past week alone has seen a raft of stories that perfectly characterise the pressure CISOs are under today. On the one hand, digital transformation projects risk exposing the organisation to threats on a whole new scale. A new Nominet report reveals that 53% of security leaders view security as a top concern, with customer data (60%), cyber-criminal sophistication (56%), an increased attack surface (53%), visibility blind spots (44%), and IoT devices (39%) all cited as issues.

On the other, the threat landscape has never been more varied or fast-changing. BEC scams are rapidly emerging as one of the biggest money-makers out there for cyber-criminals: new stats from the US Treasury Department claim that these attacks made the bad guys over $300m each month in 2018. CISOs must balance these and other threats like ransomware and crypto-jacking with more traditional attacks including phishing and vulnerability exploitation. One new report claims that over 800,000 machines worldwide are still exposed to the critical BlueKeep flaw – putting them in the firing line of a possible global worm-like campaign.

Sharing best practice
Fortunately, help is at hand. Trend Micro’s CLOUDSEC event has, for five years now, been offering expertise from some of the industry’s biggest names. This year is no exception: it will feature representatives from the United Nations, and luminaries who used to head up the Police National Cyber Crime Unit and the White House CIO’s office, among others including Trend Micro experts.

But we’ve also tried to go one better than previous years, by inviting CISOs from large multi-nationals to share their war stories and provide insight into how they manage the challenges of being a security leader at a time of unprecedented volatility and risk. That’s why we’ve got Magnus Carling along to speak during an industry case studies section of the show. He’ll be joined by Frank Thomas – Senior Director of Security Platforms and Engineering at Thomson Reuters – and another IT security leader to be confirmed.

Magnus is a seasoned CISO with a quarter of a century’s experience ensuring cybersecurity is always a business enabler and not the block on innovation that it can often become. He can also speak with authority about the challenges of regulatory compliance: Stena AB has operations in five areas including ferries, offshore drilling, property and finance. That means Magnus must manage GDPR as well as NIS Directive and a patchwork of other industry regulations.

CLOUDSEC will take place this year in the historic surroundings of Old Billingsgate, the perfect backdrop to explore how technology and cyber threats are forcing traditional industries to rethink their approach in our modern digital age.

Tickets are selling fast, so book now to reserve your place at the show.

What: CLOUDSEC 2019
When: 13 September 2019
Where: Old Billingsgate Market, London

Get the low-down on nation state threats and government cybersecurity at CLOUDSEC

by Bharat Mistry

The cyber-threat facing firms today has never been more diverse. Organisations once relatively insulated from state-sponsored activity are increasingly drawn into the fight for geopolitical advantage, whether they run critical national infrastructure, hold sensitive data on targeted individuals or merely have the misfortune to get in the way. That makes it more important than ever to ensure you have the awareness and capabilities to manage risk effectively for your organisation.

Trend Micro’s upcoming CLOUDSEC conference is a great opportunity to maximise both. At this year’s show in September, we have just added former White House CIO and cybersecurity expert Theresa Payton to an already impressive roster of speakers.

Caught in the middle
There was a time when nation state cyber operatives only went after one another. Sadly, despite a US-China pact in 2015 that promised to maintain this dynamic, things aren’t working out that way. Countries are on the prowl for IP which can help their companies gain a global advantage; they’re looking for sensitive information to blackmail individuals; they’re searching for ways to generate profits to grow the nation’s wealth; and they’re mapping and sabotaging critical infrastructure. The current furore over providers of 5G networks highlights just how strategic crucial technology has become to national interests and how important cybersecurity is to financial and social stability.

This matters, because increasingly it is average, ordinary firms that are caught in the middle. They may be running CNI. They may hold data targeted by hackers. But they may also be targeted not in their own right, but because they’re part of a high value supply chain. Law firms are particularly at risk because of information their clients may hold. Managed service providers have also been hit in the past. Even hotel chains could be at risk if hackers want to target individuals staying there. Then there are the more scattergun attacks, like WannaCry and NotPetya, that show no organisation is safe from state-sponsored threats.

CLOUDSEC 2019
This is just one part of a much bigger picture, of course. Financially motivated cybercrime represents a massive threat, as does, on a smaller scale, the publicity-hungry sniping of hacktivists. But in order to respond effectively, CISOs need the same things: accurate intelligence, and information on best practice response strategies.

At CLOUDSEC 2019 in September, we’ve lined up a host of world-leading experts in their field to share their insight. The latest is former White House CIO, Theresa Payton. Now a cybersecurity CEO, Theresa will reveal to attendees what they need to know today and look out for tomorrow in the ongoing battle against cybercrime. Crucially, she’ll also be lifting the lid on her time in government to share insight on how cybersecurity is managed at the very highest levels.

Now in its fifth year, CLOUDSEC is bigger and better than ever before. Also lined up to speak are: Thomson Reuters Senior Director, Security Platforms and Engineering, Frank Thomas; Stena AB CISO, Magnus Carling; United Nations cybercrime expert, Rob Gilbert; and Trend Micro experts including VP of Security Research, Rik Ferguson, and Director of Forward Looking Threat Research, Rob McArdle.

We’re looking forward to seeing you at the show.

What: CLOUDSEC 2019
When: 13 September 2019
Where: Old Billingsgate Market, London

IoT Exposed: New Trend Micro Research Reveals Major Systemic Weaknesses

by Bharat Mistry

The Internet of Things is a hugely complex ecosystem of devices, messaging protocols, cloud systems, networks and more. With so many moving parts it’s inevitable that there are security gaps for attackers to exploit. The fact that attacks thus far have been relatively isolated should be no cause for complacency. With IoT increasingly embedded into the operations of hospitals, factories, energy plants, offices and more, we should be looking closer at where these gaps lie.

That’s why Trend Micro released a major new piece of research today. It reveals serious design flaws and vulnerabilities in two of the most popular machine-to-machine protocols in use today. Over 219 million messages were exposed globally by these systems in just the four months of the research period.

By Design and by Default: Why Firms Must Include Security Teams in IoT Projects

by Bharat Mistry

As organisations build out their Internet of Things (IoT) infrastructure, cyber-risk must be properly managed. Unfortunately, the latest research from Trend Micro has found that security teams are still not being consulted in the majority of global enterprise projects. It’s a major mistake and one which could come back to bite firms if their IoT systems are not secured “by design and default” as required by the GDPR.

If there’s one thing attendees took away from the ever-popular Trend Micro CLOUDSEC conference this week, it’s that online threats are only going to continue escalating.