With businesses of all sizes keen to ensure they don't become the next big-name security attack victim, the need to stay on top of your data could be central to staying safe from the latest threats.
“Every business should be aware of the data they have that are critical, and the processes they have that are critical," Robert McArdle, Trend Micro Director FTR - CyberCrime Research told TechRadar Pro at the company's recent CloudSec event in London.
“It’s about understanding the risk you have - accepting what you can do, and making sure you can understand the risks.”
- Trend Micro: Prepare for the age of IIoT security
- Why IoT security should be top of your list
- Trend Micro: IoT brings innovation, but also threats
McArdle notes that as cybercrime has become more professional and business-like in recent years, the tactics used by hackers are adapting to how their victims operate, keeping them one step ahead of the game. As more companies look to save money and resources by outsourcing a growing number of processes, they may in fact be opening themselves up to a wider threat landscape.
“The strange thing about this as a service model, if you want to call it that, is that the people who have almost the most experience of all of this is the criminals," he says.
"Cybercrime is almost entirely an 'as a service' model, and they've been doing it like that for years.”
“So they're long ahead of the curve in terms of folks figuring out how to target each other's as a service models to take over - they have more experience than your typical company has in this space.”
“For those more targeted professional criminal groups, going further up that chain gets them enormous bang for their buck,” he adds. “They're not so much going to target the Amazons of this world with their huge security departments - but when you look at, for example, applications or libraries that people incorporate into their products, these might be poorly secured instead.”
Collaboration
The same goes for the rapidly expanding area of IoT security. As more and more companies expand into the wider world and utilise the data-gathering potential of the IoT, they again may be opening their systems up to more threats.
McArdle notes that with the exception of well-developed smart devices and tools such as Amazon's Echo and Alexa services, "there's almost no security at all for the long term".
The need for collaboration is key, he says, noting that Trend Micro is partnering with providers, including car manufacturers in Asia, to get security at a chipset level in new products to ensure they stay protected.
"It shouldn't be the case that (manufacturers) have to worry about security when it's not their core business," he says, emphasising the need for more embedded security to ensure a thorough level of protection.
Additional security could also be on the way thanks to the significant developments being seen in the field of AI security, which utilises the power of artificial intelligence to boost protection for businesses.
McArdle notes that when it comes to security, AI is not particularly new at all, as Trend Micro has actually held AI patents for 15 years, but the technology is being deployed more and more, particularly in terms of file scanning and endpoint security.
AI could be a major boost for defensive security, he adds, noting that there's no way humans could manually check every attack targeting a business. The technology could be key to building cyberdefences at scale, particularly as the number of cyberattacks continues to grow.
“You can't just do in a dumb way," he says, "you have to have some sort of method that learns based on what your network looks like, and what's coming in on a regular basis and is able to say, ‘that looks weird’”.
However the criminal side may also be utilising AI, with McArdle saying he anticipates a jump in the number of attacks in the next couple of years. The technology is not widely used now due to the effectiveness of current models, as well as current systems being incredibly easy to detect when gathering huge amounts of data to launch a malicious AI system.
But there is also a human element too, as many computer science students entering higher education now are getting formal AI training immediately, before securing a well-paid security job - as opposed to script-kiddie hackers learning about the possibilities of AI and cybercrime when much younger, then choosing a criminal career for the lucrative payoffs.
So to ensure your business stays protected, get security into your digital transformation plans now - and that, along with AI implementation, could be the difference.
