The IT Nerd

Trend Micro Incorporated has published new research* revealing that persistently low IT/C-suite engagement may imperil investments and expose organizations to increased cyber risk. In Canada 93% of the IT and business decision makers surveyed expressed particular concern about ransomware attacks.

To read a full copy of the global report, please visit: https://www.trendmicro.com/explore/en_gb_trendmicro-global-risk-study

Despite widespread concern over spiralling threats, the study found that only 2-in-5 (42%) of responding IT teams discuss cyber risks with the C-suite at least weekly.

Fortunately, current investment in cyber initiatives is not critically low. Just under half (46%) of respondents claimed their organization is spending most on “cyber-attacks” to mitigate business risk. This was the most popular answer, above more typical projects like digital transformation (40%) and workforce transformation (32%). In addition, nearly half (44%) said they have recently increased investments to mitigate the risks of ransomware attacks and security breaches.

However, low C-suite engagement combined with increased investment suggests a tendency to ‘throw money’ at the problem rather than develop an understanding of the cybersecurity challenges and invest appropriately. This approach may undermine more effective strategies and risk greater financial loss. 1-out-of-2 respondents (50%) said that cyber threats were an IT problem, while just 34% found it to be an overall business risk. Less than half (40%) of respondents claimed concepts like “cyber risk” and “cyber risk management” were known extensively in their organization. Even more troubling, 8% of respondents said that their company does not assess cyber risk at all. 

Three quarters of Canadian respondents (75%) want to hold more people in the organization responsible for managing and mitigating these risks, which would help to drive an enterprise-wide culture of “security by design.” The largest group of respondents (32%) favoured holding CEOs responsible. Other non-IT roles cited by respondents included CFOs (26%) and CMOs (14%). 

The study follows previous Trend Micro Research revealing a worrying cybersecurity disconnect between business and IT leaders – perpetuated by self-censorship from cyber experts and disagreements over who is ultimately responsible.

*Trend Micro commissioned Sapio Research to interview 5321 IT and business decision makers from enterprises larger than 250 employees across 26 countries​.

Data has become increasingly valuable in our digitally connected lives, with both organizations and threat actors looking to harness it for their own benefit.

Smartphones and apps have ushered us into a new age where it has become common for apps to ask for access to your personal data – such as geolocation, access to your contact list and even in some cases your photos. Consumers are reminded to be careful with who has access to this. 

Data Privacy Day on January 28 is aimed at raising awareness and promoting best practices for data privacy and protection in the digital age.

Trend Micro has posted an blog entry titled “12 Tips to Keep Your Data Private.” I highly encourage you to have a look at this as these are tips that can help to keep you safe.

Trend Micro Incorporated today predicted global organizations will emerge more alert and better prepared in 2022 thanks to a comprehensive, proactive, cloud-first approach to mitigating cyber risk.

Research, foresight, and automation are critical for organizations to manage risk and secure their workforce. Trend Micro blocked 40.9 billion email threats, malicious files and malicious URLs for customers in the first half of 2021 alone – a 47% year-over-year increase.

Trend Micro researchers predict that threat actors in 2022 will focus ransomware attacks on cloud and datacenter workloads and exposed services to take advantage of the large number of employees continuing to work from home. Vulnerabilities will be weaponized in record time and chained with privilege escalation bugs to drive successful campaigns, according to the report.

IoT systems, global supply chains, cloud environments, and DevOps functions will be in the crosshairs. More sophisticated commodity malware strains will be aimed at SMBs.

However, Trend Micro predicts that many organizations will be ready for the challenge as they build out and implement a strategy to proactively mitigate these emerging risks via:

• Stringent server hardening and application control policies to tackle ransomware
• Risk-based patching and a high-alert focus on spotting security gaps
• Enhanced baseline protection among cloud-centric SMBs
• Network monitoring for greater visibility into IoT environments
• Zero Trust principles to secure international supply chains
• Cloud security focused on DevOps risk and industry best practices
• Extended detection and response (XDR) to identify attacks across entire networks

To read a full copy of Trend Micro’s 2022 predictions report, please visit:https://documents.trendmicro.com/assets/rpt/rpt-toward-a-new-momentum-trend-micro-security-predictions-for-2022.pdf

Trend Micro today announced new research* revealing that 81% of Canadian IT decision makers claim their business would be willing to compromise on cybersecurity in favor of hybrid working, productivity, innovation or other goals. Additionally, 70% have felt pressured to downplay the severity of cyber risks to their board.

The Canadian research reveals that just 44% of IT leaders and 45% of business decision makers believe the C-suite completely understand cyber risks. Most think this is because the topic is complex and constantly changing. When it comes to who’s ultimately responsible for managing and mitigating risk, 32% of respondents think it’s the CEO, with IT organizational teams coming in second, at 29%. When asked if more people should be held responsible for managing/mitigating business risk, 75% of respondents agreed.

The survey also found that 50% of respondents claim that cyber risks are still being treated as an IT problem rather than a business risk. This friction is causing potentially serious issues: almost half (48%) of respondents agree that their organization’s attitude to cyber risk is inconsistent and varies from month to month.

However, 36% of respondents believe cybersecurity is the biggest business risk today, and 64% claim it has the highest cost impact of any business risk – a seemingly conflicting opinion given the overall willingness to compromise on security.

There are three main ways respondents believe the C-suite will sit up and take notice of cyber risk:

• 65% think it would take a high-profile breach being reported in the media
• 61% say it would help if a competitor has a breach
• 59% say it would make an impact if their organization is breached

To read a full copy of the global report, please visit: https://www.trendmicro.com/explore/en_gb_trendmicro-global-risk-study

*Trend Micro commissioned Sapio Research to interview 207 IT and business decision makers from enterprises larger than 250 employees across Canada​.

Trend Micro today released a visionary new report and video dramatization articulating how the world might look at the start of the next decade — and how the security sector might respond to evolving cybercrime innovation.

By 2030, connectivity will impact every aspect of daily life, on both the physical and psychological levels. Malicious threat actors will evolve to use and abuse technological innovation – as they always do. Click here to learn more about Project 2030.

The report itself looks at the world in 2030 through the eyes of a fictional citizen, a business, and a government. It offers a detailed analysis of evolving cyber threats and how these might impact security stakeholders.

Among the predictions are:

• AI tools democratize cybercrime on a whole new scale to individuals with no technical skill
• Attacks cause chaos with supply chains and physical harm to humans through their cyber-implants
• Social engineering and misinformation become more visceral and harder to ignore when delivered via ubiquitous Heads Up Displays (HUDs)
• Massive IoT (MIoT) environments attract sabotage and extortion attacks targeting manufacturing, logistics, transportation, healthcare, education, retail, and the home environment
• AI-powered obfuscation makes attribution virtually impossible, pushing the security industry’s focus towards incident response and IAM at the edge
• 5G and 6G connectivity everywhere drive more sophisticated and precise attacks
• “Everything as a Service” turns cloud providers into hugely lucrative targets for cyber-attackers
• Grey markets emerge for those that want tools to confound workplace monitoring
• Techno-nationalism becomes a key geostrategic tool of some of the world’s most powerful nations, with the gulf between them and the have-nots widening further

A successor to Trend Micro’s acclaimed 2012 report, Project 2020, the new paper was compiled from open-source research, vendor threat landscape reports, scientific abstracts, patents, an invitation-only online survey, and a CISO poll. The video dramatization of the report is meant to be an engaging, entertaining way to visualize the future and enable organizations to think about how they will need to adapt to new realities.

Trend Micro today announced that it is launching the new Trend Micro Cyber Academy  this month, giving teachers and parents a powerful tool to improve children’s safety and awareness online. As part of the Internet Safety for Kids and Families education program, the Cyber Academy will offer a series of video-based lessons and learning materials designed to improve children’s digital literacy skills in a way that’s meaningful and engaging.

According to research from early 2021, children have doubled their screen time during the pandemic, and are more likely than ever to be exposed to online threats such as exposure to adult content, phishing, and scams. Digital literacy skills are crucial to helping children avoid risks to their privacy and security and learn how to identify what is trustworthy or not online.  At the same time, the internet provides great opportunities for children and 63% of parents believe the internet has been beneficial to their children’s social and emotional well-being.  Digital literacy skills helps children realize the benefits of technology while also keeping it safe and positive for them.  

Aimed at children 7–10-years-old, the Cyber Academy will initially consist of five internet safety lessons that focus on passwords, two-factor authentication, security, privacy and healthy habits. The lessons can be delivered on-demand by a teacher in the classroom or a guardian at home in just 10–15 minutes and are offered completely free of charge. Future lessons which to be released in the coming months will cover topics such as cyberbullying, media literacy skills and managing screen time.  The lessons will be also available in additional languages over the coming months including Spanish, French, and Mandarin.

Each lesson consists of:

• A three-minute animated video
• A conversation guide with Questions & Answers for kids
• A Kahoot! Quiz to reinforce learning 
• A downloadable activity sheet as homework
• Further resources for parents, guardians and teachers

For more than a decade, Trend Micro’s Internet Safety for Kids & Families initiative has been working to address the often-neglected cybersecurity imperative of educating kids on how to be safe and responsible in their digital lives. As the challenge has become even more urgent during the Covid-19 pandemic, the company is committed to improving child safety and awareness in cyberspace. 

Trend Micro today announced the launch of its Trend Micro Cloud One regional data center service hosted in the Amazon Web Services (AWS) Canada (Central) Region, to uphold data residency, safeguard data privacy and reduce business risk for Canadian organizations.

Owing to the agility that cloud brings, organizations are increasingly embracing it, making SaaS the preferred model for security solutions delivery. However, many customers face regulatory or policy-based concerns around the location of SaaS platforms or data storage for their workloads. Having a cloud data center within the country improves compliance and reduces friction for guidance and reporting requirements.

Trend Micro Cloud One is the company’s flagship cloud security services platform for protecting servers, resources, and applications in the cloud. The general availability announcement of the data center service in AWS Canada is part of Trend Micro’s commitment to supporting the business priorities of their customers.

Trend Micro chooses October as the launch date to raise awareness for Cybersecurity Awareness Month. The all-in-one platform approach provides automated protection, which will protect Trend Micro’s customers throughout their cloud journey. Data residency and sovereignty concerns are no longer a roadblock for enterprises to leverage the company’s market-leading platform.  

Trend Micro today revealed findings from its global survey on the resilience of Security Operations Centers (SOCs) as they continue to encounter a rising number of cybersecurity threats to their businesses.

The global survey polled IT specialists in 21 countries and included 101 Canadian IT security decision-makers in their findings. Overall, study results found that just under half (46%) of SOC/IT security teams were overwhelmed by security alerts. Additionally, almost three-quarters (71%) of respondents reported being negatively impacted emotionally by their work managing cybersecurity threats and alerts. This includes almost half (43%) reporting they felt so stressed at work they were unable to relax.

The survey also found that more than half (52%) of Canadian respondents were not highly confident about their organization’s ability to prioritize and respond to security alerts. This, despite companies surveyed reporting having an average of 23 security monitoring solutions in place to deal with ongoing threats. Furthermore, when it came to security infrastructure already in place, 2 in 5 companies (41%) admit to not using their existing systems. Reasons for not using their systems included them being out of date (46%), a lack of integration (41%), and difficulties around using it (31%).

Other topline Canadian findings include:

• 65% of companies surveyed are either expecting or already dealing with a data breach.
• 82% of companies surveyed have a security operations centre (SOC).
• Just under half of SOC/IT security teams operate 24/7 (45%).
• On average 25% of time is spent investigating false alert positives.

Trend Micro Vision One is the company’s answer to the struggles of SOC teams. Prioritized, correlated alerts using data from the entire IT environment help teams spend their time more wisely. Fewer alerts and stronger intelligence allow teams to regain balance in their work life and ease the emotional toll of security.

To find out more, please read the accompanying report.

Research methodology

The study is based on interviews with 2,303 IT security decision makers in 21 countries. This includes leaders who run SOC teams (85%) and those who manage SecOps from within their IT security team (15%). All respondents came from 250+ employee companies.

Trend Micro Incorporated and Carleton University have partnered to support more women pursuing careers in STEM through the Women in Engineering and Information Technology (WiE&IT) Program, launching this September. As one of the first sponsored programs of its kind in Canada, it aims to close the gender gap in STEM careers by providing women undergraduate and graduate-level students access to tools, knowledge, and resources for a successful transition into the workforce.  

As an organization that prioritizes learning and encourages employees to grow and take risks, Trend Micro proudly supports the university’s vision for the WiE&IT Program. This vision focuses on increasing awareness of women role models and providing young women with the tools and knowledge for a successful transition into the workforce.

Currently, less than twenty-five per cent of the entire Canadian STEM workforce is female. This program will create mentorship opportunities, host events for women students to build relationships with industry and government partners and provide a special fund to support allies at Carleton in meeting their equity, diversity and inclusion goals.

The program launches this school year at the beginning of September and will be virtual.