Cyber Crooks Getting Smarter – but Users Aren’t

Trend Micro’s global CTO says the bad guys reading the analyst’s notes and security company reports, and that many users are struggling to keep up.
May 15, 2013 5:00 PM ET

ITWire

Raimund Genes knows a thing or two about cyber crime. As Chief Technical Officer of security vendor Trend Micro, he’s seen it all. He is currently in Australia for Trend Micro’s Evolve series of industry conferences.

He believes IT security has changed dramatically in recent years ,and made users’ jobs much more difficult. This is because of what he calls the ‘three Cs’:

CONSUMERISATION

“BYOD might stand for bring your own disaster,” says Genes. “It is very easy to lose control. A lot of organisations haven’t addressed this issue.” And Evernote and other file-sharing services such as Dropbox and Box.net, are an attractive avenue for hackers attempting targeted attacks on organisations or individuals because they don't attract the attention of administrators.

CYBER THREATS

“Cybercrime is flourishing. The attackers make millions, but they don't pay any taxes or publish annual reports, and they are relatively safe from detection. There is more industrial espionage , more state sponsored attacks, more targeted activity.”

CLOUD AND VIRTUALISATION

“Technology is different now, and so must security be. Virtualisation means that it can be very difficult to totally prevent attacks – the emphasis must change to early detection, with technologies like network sniffers.”

Genes says that as security threats grow in sophistication, securing critical data is becoming a greater challenge for governments and private organisations. But he says that users are simply not keeping up.

“The bad guys read the same security reports and have access to same technology as users do,” he warns. “They’re not stupid. They see the new opportunities as they arise – mobile devices, debit cards, and now the Internet of Things like cars and other everyday items, like smart TVs.

“Now we are moving towards NFC (near field communications) and using our phones as wallets. We are already seeing a massive increase in mobile malware. It’s scary. We need to totally rethink our approach to security.”

There are problems too, says Genes, come from the increased use of Internet attached SCADA (supervisory control and data acquisition) and other industrial control systems. Trend Micro recently set up a ‘honeypot’ in the US to mimic real industrial control systems and SCADA devices. Over 28 days, 39 attacks from 14 countries were recorded. One third came from China, indicating the extent of industrial espionage from that country.

”Big Data is another issue. Newly developed Big Data solutions claim to be able to extract high-quality and commercially useful information from existing data mountains. But can it deliver on its promise? And are we on the verge of another controversial privacy debate?”

 The Trend Micro conference, in Melbourne last week and Sydney today, brings together a range of international and local security leaders and experts to talk about the major trends in IT security. As well as Genes, they include Frost & Sullivan’s Andrew Milroy, NAB’s Head of IT Security Services Operations, and Dr Jon Oliver, a senior global threat researcher, who is talking on cyber criminal professionalism.

Howard Schmidt, former cyber security head for President Obama is giving an address titled: “CyberCrime, CyberSpy, CyberWar - Taking the Lessons From the Past, to Build for the Future”. He talks of the “need for tighter security around the needs for citizenship privacy versus the need for cohesive infrastructures, while developing comprehensive private sector and government partnerships.”

This post originally appeared on ITWire