How To Keep Up With The Always Changing Cybersecurity Threat Landscape
Expert Insights Interviews Jon Clay, Director of Global Threat Communications at Trend Micro
Since its founding in 1988, Trend Micro has become one of the world’s leading cybersecurity vendors, protecting people and organizations around the world. Jon Clay has been part of the Trend Micro journey for the last 24 years, as it has come to provide an ever increasing range of cybersecurity solutions and services.
Clay has taken on multiple roles at Trend Micro, moving from sales to marketing and now to the role of Director of Global Threat Communications, where he publishes and evangelises the extensive threat research that Trend Micro regularly publishes. Clay is also a speaker for Trend’s Internet Safety for Kids and Family programme, which aims to promote good digital citizenship for students and parents around the world.
Expert Insights spoke to Clay about Trend Micro, his role, the changing cybersecurity threat landscape, and the major challenges that businesses are facing today.
The Changing threat landscape and the importance of multi-layered security
Trend Micro’s core markets break down to 25% consumer and 75% business, with a mixture of SMBs, large enterprises and government agency customers. Their business solutions take up the majority of their service offering, with a range of cloud-based email, web, network and endpoint security solutions, which allow businesses to implement multi-layered threat protection.
Clay tells me that in the rapidly changing threat landscape, this strong, multi-layered security approach is critical. “When you think about the threat landscape today,” he says, “one thing you have got to think about, especially with ransomware actors, is that it will initially start with a targeted email message.”
These email messages, he says, are part of a multi-stage attack process, especially when it comes to ransomware. An email message sent by a cyber-criminal will try to trick users into clicking on a link, or opening an attachment. But usually attackers aren’t aiming to compromise that user in particular, instead they aim to move laterally across the organization, looking for better targets or more critical business systems. With this in mind, the idea you can block a threat only at the endpoint is no longer true.
“First and foremost, our data shows almost 90% of the threats are going to come in via email,” Clay tells me. “So, you absolutely have to have an email layer of protection.”
When an attack is successful, attackers will download more malware from the web, down to your IoT devices or servers. “So, you also absolutely have to have web security,” he says. “Then the next line of defence should be the endpoint.”
“But, it’s not enough just to have a single type of technology at your endpoints. You need to have multiple technologies at each of those areas, because the threats are so diverse today that you may need machine learning technologies, as well as signatures.”
Clay explains that 80% of the file-based threats they see are detected by their signature-based threat detection technology. However, the machine learning element is crucial, because sophisticated threats can still continue to get through this type of security.
“So, it’s not just multiple layers from the cloud to the endpoint, it’s also multiple layers in those technologies, that can allow you to detect threats when you need to,” Clay summarizes.
The shift to the Cloud and the Internet of Things
One of the major trends across the cybersecurity landscape is businesses increasingly moving their IT infrastructure to the cloud. Interconnected cloud technologies have brought new security challenges to businesses, as cyber threats in the cloud have increased in sophistication and complexity.
“Over the 24 years I’ve been at Trend Micro, the threats have changed tremendously,” Clay says. “The attack surface is growing monumentally because of the Internet of Things, and the cloud is just increasing the attack surface for these actors.”
“Attackers are loving the cloud expansion we’re seeing, and unfortunately this is causing challenges for businesses and users alike, because we have to deal with the fact everything is a computer today, which means that it’s a target as well.”
Threats have become increasingly more difficult to combat over time, Clay says, because the infrastructure is changing rapidly. We’re shifting from a traditional data centre approach, to a hybrid model.
“Now in the cloud we’re seeing DevOps, containers, 5G, all of this new architecture,” Clay tells me. “But the problem is that very few people are actually trained on this stuff. We all know that when new architecture comes out, you have to learn it, you have to understand what the attacks are, and what they are targeting.”
“So, as the threats change, we have to be able to combat them as well.”
The dangers of ransomware and business email compromise
Ransomware is one of the major threats facing businesses at the moment. Clay believes that this threat will continue, into the 2020s.
“Ransomware still works,” Clay tells me. “It generates attackers a lot of money. For that reason, ransomware is going to be a threat into the foreseeable future, until organizations can figure out how to defeat it.”
Ransomware is a particularly harmful type of computer virus. Usually distributed via phishing emails, it takes control of endpoints and encrypts all the data they contain. Once this occurs, a ransom note will appear on the desktop, threatening businesses to pay up, or lose their data.
Clay tells me that the email and endpoint security tools Trend Micro are developing are able to do a good job at detecting and stopping ransomware, but there are still numerous obstacles to stopping the threat completely.
“We actually have tools today to detect ransomware, with machine learning technology that is very good at detecting new variants,” he says. “Our big challenge right now is getting good cyber hygiene out there to all organizations.”
Business email compromise is another major threat businesses will need to deal with, Clay says. “This is where criminals impersonate your CFO, or CEO, and request a wire transfer from the financial people in your organization, using email.”
“This is going to continue to be a problem, because again, it works, and it’s effective.”
Clay argues that the best way to stop these threats, is with machine learning and artificial intelligence powered tools. “These are probably the two big areas that you’ll see improvements in cybersecurity,” he says. “Not only in detection, but also in visibility, and ability to analyse the data very quickly to give good information and context around what you’re seeing.”
Island Hopping and why everyone is at risk from cyber threats
There is an idea prevalent among many small businesses that the only organizations that need to be worried about cyber threats are large enterprises.
However, these threats “unfortunately, affect everybody,” Clay says. “The reality is, in a lot of cases, small businesses are part of a supply chain to a bigger organization. So, a lot of times, what actors will do is something we call ‘Island Hop,” which is to infect a small vendor, a supply chain vendor, and use their access to the bigger company’s network.”
There is also a growing ‘access-as-a-service’ model within ransomware groups. This is where one cyber-criminal group initially infects an organization, using phishing or some other means. But rather than stealing data or launching ransomware themselves, they then sell this access point to other criminal organizations.
“Selling resources from organizations is a big piece in the cyber-criminal underground,” Clay says. “Attackers can infect a small business, but they’re not looking to steal, or encrypt their data.” Instead, they will be looking to sell this access point to another group who may exploit their machines to blockchain, or launch other attacks on their network.
“It can be extremely complicated,” Clay summarizes. “So, it’s critical that all organizations, whether it’s a small business or all the way to a very large enterprise, maintain and manage a very effective cyber security strategy.”
The Importance of Innovation
Over three decades in the cyber security industry, Trend Micro have taken on a huge scale. They offer a massive range of cybersecurity solutions, targeting customers of all sizes, from individual consumers, to massive enterprises and government agencies. Trend Micro aims to combine this scale, and the in-depth threat knowledge and ability to execute that comes with it, with the innovation you would expect to see from a much younger company, Clay tells me.
“We support R&D very heavily,” says Clay. “We have been an innovator in the industry for many, many years, and a lot of the technologies that are in place today, were developed by Trend Micro.”
Clay gives an example of this in machine learning. “This is something which is very hot in the security landscape right now, but has actually been in use by Trend Micro since 2004,” he tells me.
“We now have over 20 different applications of machine learning and artificial intelligence within our product line. And that’s covering all areas, all different types of threats. So, a huge, huge differentiation, I feel in the industry.”
Considering Trend Micro?
If you want to find out more about Trend Micro’s security solutions, Clay’s advice is to get in touch. “Give us a call and talk to us,” he says, “because we can for sure help you understand your needs. We have the capability of covering you from the cloud, all the way down to your IoT devices and everywhere in-between to help you understand the threats detected.”
“Also, check out our website, www.trendmicro.com. We publish a ton of content about the threat landscape and what are the most recent threats. Lastly, I would say, check out our Internet safety for kids and family programme. That’s a volunteer programme we’ve been doing for 12 years now to try and help promote good digital citizenship at the school level.”