Tag Archives: Trend Micro Deep Security

Could a traditional security mindset imperil cloud-based digital transformation?

By Gurmail Singh

Cloud computing is transforming organisations across the globe, making them more nimble, cost efficient and responsive to market demands. But security remains a perennial barrier. Unfortunately, outdated notions around how security should look in the cloud may be creating a false impression that migration is inherently more risky than keeping data on-premises. In fact, cloud-ready solutions exist to provide an environment as secure if not more so than traditional ones.

Continue reading

Head in the clouds: why nuanced security training is essential to remote working success

by Bharat Mistry

Organisations have been forced to adapt rapidly over the past few months as government lockdowns banished most workers to their homes. For many, the changes they’ve made may even become permanent as more distributed working becomes the norm. This has major implications for cybersecurity. Employees are often described as the weakest link in the corporate security chain, so do they become an even greater liability when working from home?

Unfortunately, a major new study from Trend Micro finds that, although many have become more cyber-aware during lockdown, bad habits persist. CISOs looking to ramp up user awareness training may get a better ROI if they try to personalise strategies according to specific user personas.

What we found
We polled 13,200 remote workers across 27 countries to compile the Head in the Clouds study. It reveals that (72%) feel more conscious of their organisation’s cybersecurity policies since lockdown began, 85% claim they take IT instructions seriously, and 81% agree that cybersecurity is partly their responsibility. Nearly two-thirds (64%) even admit that using non-work apps on a corporate device is a risk.

Yet in spite of these lockdown learnings, many employees are more preoccupied by productivity. Over half 56% admit using a non-work app on a corporate device, and 66% have uploaded corporate data to it; 39% of respondents “often” or “always” access corporate data from a personal device; and 29% feel they can get away with using a non-work app, as IT-backed solutions are “nonsense.”

Four security personas
This is where the second part of the research comes in. Trend Micro commissioned Dr Linda Kaye, Cyberpsychology Academic at Edge Hill University, to profile four employee personas based on their cybersecurity behaviours: fearful, conscientious, ignorant and daredevil. 

In this way:

Fearful employees may benefit from training and simulation tools as well as real-time feedback from security controls and mentoring.

Conscientious staff require very little training but can be used to good effect as exemplars of good behaviour and to team up with “buddies” from the other groups.

Ignorant users need gamification techniques and simulation exercises to keep them engaged in training, and may also require additional interventions to truly understand the consequences of risky behaviour.

Daredevil employees are perhaps the most challenging because their wrongdoing is the result not of ignorance but a perceived superiority to others. Organisations may need to use award schemes to promote compliance, and, in extreme circumstances, step up DLP and security controls to mitigate their risky behaviour.

By understanding that no two employees are the same, security leaders can tailor their approach in a more nuanced way. Splitting staff into four camps should ensure a more personalised approach than the one-size-fits-all training sessions most organisations run today. Employees will benefit from training and simulation platforms like Trend Micro’s Phish Insight, with its diverse library of training content designed to suit the varying cultures of organisations, skill levels and roles of employees. 

Join Trend Micro for a fresh perspective on cloud security

by Ross Baker

The current pandemic has done little to reduce the daily workload of most CISOs. In fact, with cyber-criminals ramping up social engineering efforts against home workers and attacks on remote access infrastructure, your spare time may well be more precious than it’s ever been. That’s why Trend Micro has created Perspectives, a jam-packed two-hour virtual event focused around the topic of securing digital transformation. 

Experts from AWS, Azure, Trend Micro, IDC and some of our biggest customers will come together to share their insight on Thursday, June 25.

Continue reading

How to beat cloud misconfiguration: Trend Micro @ Cloud Expo Europe

By Bharat Mistry

Cloud adoption is moving pretty fast. So fast, in fact, that sometimes organisations roll-out infrastructure without being able to fully support their end of the shared responsibility model. The bad news is that the vast majority of incidents still go unnoticed. That’s a compliance timebomb waiting to go off.

Fortunately, we have an answer. At Cloud Expo Europe this month, Trend Micro’s Cloud Security Architect, Ian Heritage, will be taking to the stage to explain all.

Clouds are everywhere
There was a time not so many years ago when the public cloud was only for the early adopters. It’s safe to say we’re well beyond that point now. In fact, Gartner predicts that the public cloud services market will grow 17% in 2020 to top$266 billion, and continue on to reach nearly $355 billion by 2022. 

However, as more firms build out hybrid cloud environments from multiple vendors, complexity rises. And as it does so, in-house teams find it increasing difficult to stay on top of the multiple competing protocols, policies and platforms they must manage. Sometimes they’ll have brought in different security vendors, which can create further complexity and allows coverage gaps to appear. 

Complexity means mistakes
The end result is inevitable: mistakes get made that can leave cloud data stores unprotected. You don’t have to go far to find an example. Whether it’s an online Elasticsearch database a MongoDB instance or an AWS S3 bucket, configuration incidents have impacted defence contractors like Boeing, big-name brands like Honda, and a whole host of companies and service providers in between.

The worrying news for CISOs is that, whereas over the past few years such leaks have usually been found and responsibly disclosed by security researchers, cyber-criminals are now starting to take notice. A growing number of cases have seen hackers probe for unsecured cloud databases, steal the data and hold it to ransom. One report even suggested that Magecart hackers are getting in on the act by trying to seed malicious digital skimming code in misconfigured buckets.

A cloud misconfiguration was also technically to blame for the mega-breach at Capital One which exposed data on 100 million customers and applicants.

Trend Micro at Cloud Expo
The cost to organisations could be massive. One vendor claims that over 33 billion records were exposed in leaks due to cloud misconfigurations in 2018 and 2019.

Fortunately, Trend Micro’s Cloud Conformity offers a solution: a cloud security posture management (CSPM) platform providing continuous monitoring, alerts and remediation of AWS and Azure environments. It will flag when configuration errors have been made and offer simple steps to get you back on track, all from a single pane of glass.

Join our Cloud Security Architect, Ian Heritage, at Cloud Expo Europe this month to hear how you can tackle the challenge of cloud misconfiguration, and in so doing drive DevOps and business growth. 

What: Cloud Misconfiguration Causes Breaches—How to Avoid it: Ian Heritage, Cloud Security Architect, Trend Micro. At Cloud Expo Europe.
Where: ExCel London, Keynote Theatre
When: Thursday, 12 March, 2020. 11.10-11.30