Trend Micro’s yearly cybersecurity conference marked a triumphant return to in-person gatherings with the theme “DECODE 2023: Resilience Rising.” The event, recently hosted at the EDSA Shangri-la Hotel, drew over 700 attendees from diverse organizations and universities across the metro. Brimming with a multitude of track sessions, panel discussions, and hands-on activities, participants had the opportunity to interact with prominent cybersecurity experts. The discussions spanned various critical topics including threats, data & privacy, skills & processes, and emerging technologies, fostering engaging dialogues and knowledge exchange.
In light of the consecutive cybersecurity challenges encountered by numerous organizations and businesses in the country over recent months, we’ve compiled five essential insights on cybersecurity, gleaned from expert perspectives:
1. Hackers are progressively getting more creative
As technology rapidly advances, hackers are similarly enhancing and refining their tactics. A notable instance is the emergence of virtual kidnapping scams, exploiting the readily available audio, video, and images accessible via social media. These scams are orchestrated with meticulous timing, coinciding with moments when children are at daycare or school. Parents receive distressing video calls purportedly featuring their child’s face and voice, pleading for a ransom payment. Attempting to contact their child directly leads to rerouted calls, with criminals leveraging AI-powered voice cloning tools to impersonate the kidnapped child.
To counter such innovative crimes, cybersecurity firms and professionals are diligently upgrading their systems and enhancing workforce skills to bolster resilience. Jay Yaneza, Director of Managed Detection and Response at Trend Micro, highlighted during the DECODE panel discussion how companies and organizations are advancing their approach to cybersecurity. By recognizing the risks and continuously adapting to the evolving threat landscape, businesses and cybersecurity entities can fortify their defenses against the ingenuity of threat actors.
2. Artificial intelligence can be our friend or foe
The advent of artificial intelligence (AI) has sparked debates regarding its true societal impact. AI undeniably holds potential as a valuable tool, contingent on how it’s employed. However, this versatility also extends to its potential utility for cybercriminals. Robert McArdle, Director of Forward-Looking Threat Research at Trend Micro, emphasized in his keynote that criminal circles already host numerous forums dedicated to AI education. Consequently, lower-tier threat actors can swiftly ascend the ranks to become more sophisticated, eventually culminating in elite-level criminals finely attuned to criminal operations.
While cybercriminals, ranging from novices to expert hackers, explore the advantages of AI, cybersecurity firms and professionals are actively engaging with AI to proactively detect and promptly address AI-assisted threats. This parallel effort ensures early detection and mitigation of potential risks posed by AI-driven cyber threats.
3. Our convenience is their convenience
Initially considered a secure and innovative alternative to passwords, biometrics has transformed the internet into a platform where individuals regularly and inadvertently expose their voices, faces, and fingerprints. While businesses have streamlined their processes using biometrics and facial recognition, these technologies also introduce multiple security vulnerabilities for users.
The theft of biometric data poses a significant threat, granting malicious actors easy access to personal and private information of everyday consumers. This compromised data may include sensitive details like bank accounts, addresses, and more. In an era where personal data shapes one’s identity, it’s pivotal to exercise discretion regarding the credibility and trustworthiness of apps and services. One must carefully weigh the potential risks before providing images of their face or hands, considering the possibility of criminals misusing such data, potentially stealing fingerprints or even the entire identity.
4. Schedule that update for tonight —or ASAP
During the track session titled “When Good Intentions Fall Short: Top 5 Cyber Resilience Failures,” a case study highlighted how an organization fell victim to a ransomware attack that remained unnoticed for a staggering 21 days, solely due to an outdated security system. Most software integral to our daily lives, ranging from the system software on our phones and laptops to the software embedded in our printers and multimedia applications, receives consistent updates from developers. These updates aren’t merely cosmetic; they serve the critical purpose of staying ahead of threat actors and fortifying resilience against attacks.
However, this heightened protection and security become futile if users neglect to regularly update their devices and applications. Yaneza aptly notes, “The attacks that we’re seeing are a little bit faster nowadays… we used to be counting days, but now we’re counting hours.” Thus, delaying updates can leave systems vulnerable to increasingly rapid cyber threats. The crucial advice: don’t postpone those updates—schedule them as soon as possible to bolster your defenses.
5. While we can’t predict the future, we can prepare for it
The landscape of cybersecurity has undergone significant evolution in recent years. McArdle’s keynote, “Cybersecurity Threats in 2023,” delved into the top cybersecurity trends spanning from 2016 to the present, providing insights to anticipate future developments. What was once simple email scams aimed at acquiring bank credentials has transformed into data breaches affecting major global organizations and institutions. These organized and intricate cybercrimes, which used to dominate media coverage for prolonged periods, have now escalated to occurring almost weekly.
The silver lining lies in the fact that while many criminals pursue short-term and straightforward approaches, cybersecurity professionals armed with insights gleaned from reports like Trend Micro’s Mid-year Cybersecurity Threat Report can stay a couple of steps ahead in the game. This strategic advantage allows security tools and experts to proactively tackle emerging trends and predictions, helping thwart potential threats before they materialize.
The substantial turnout at DECODE 2023 underscores the fervor among local cybersecurity professionals to fortify their organizations against the aforementioned threats and trends. With Trend Micro’s commitment to democratizing cybersecurity education and bridging the skills gap in the Philippines, initiatives like DECODE empower participants with fresh perspectives and knowledge to share within their networks and organizations. This knowledge equips them to better shield against the continually evolving threat landscape.
Visitors registered on decodeph.com can access various track sessions and discussions from DECODE 2023: Resilience Rising on the website. For those interested in attending DECODE 2024, stay tuned to DECODE PH’s official website and social channels for forthcoming updates on registration and other relevant news.
