Fortifying the castle walls

A multi-layered approach to cyber security is crucial if attacks like WannaCry are to be avoided.

Cyber attacks are happening all over the world all the time, but unless it is your email account receiving strange messages, or your shares that are suddenly plummeting, or indeed if you happen to be a cyber security professional and enthusiast like myself, it’s quite easy to switch off from the noise.

This wasn’t the case for the WannaCry attack on the NHS. The ransomware attack spread to over 150 countries in May 2017, and infected more than a third of health trusts in England, leading to the cancelling of at least 6,900 NHS appointments.

The scale of this incident, and the real effect it had on people’s day-to-day lives and the ability of NHS staff to carry out their crucial work struck at the very heart of British society. Trend Micro staff like me looked on with horror, only too aware of the software failures that had allowed the NHS to become so vulnerable.

Simply put: 80 – 90 per cent of ransomware attacks enter via email. If an organisation has a standard email monitoring system which is using sandboxing technology – opening the email and following the links included or looking at the document attached to make sure it’s not malicious – this will stop a lot of attacks, but not all. The WannaCry attack didn’t use email – it had a worm component. These types of worms self-replicate and attack across the network through a number of routes. Unfortunately, the breached health trusts were relying on a single protection technology, but that one technology failed.

At school, students are taught that castles rely on multiple layers of protection – an outer wall, an inner wall, and a keep. The same principle applies to cyber security, and Trend Micro is committed to following that principle. As such, we have been developing XGen, a new approach to endpoint security that blends multiple layers of threat protection, to provide the kind of layered protection that is crucial in today’s climate of advanced and unpredictable threats. The layers include signature-based detection to stop breaches via email, as well as behavioural analysis and application control; if these layers don’t stop the threat, then it will be stopped by advanced machine learning.

Having been in the cyber security industry for 20 years, I’ve watched numerous threats and seen attacks like WannaCry evolve and become more sophisticated. At Trend Micro we are continuously keeping an eye on emerging trends. Our threat defence experts and vast global network are constantly collecting data and identifying threats. A growing and complex threat landscape, combined with changing compliance regulations, is presenting in-house security teams with significant challenges. The introduction of GDPR (the General Data Protection Regulation), for example, is intended to protect people’s private data, but I am concerned that it has created an unlikely opportunity for criminals.

Under the new rules, if a company is compromised, leading to the loss of personal data, it has just 72 hours to report this or be fined four per cent of turnover. We predict that this may lead to the emergence of attacks that target GDPR-specific data. It raises the question of whether a company would rather pay a million-dollar ransom to retrieve its stolen data from the criminals and not report it, or a multi-million fine for losing said data. This may sound like a strange prospect, but nine months ago the taxi giant Uber attempted to cover up a huge data exploit by paying off the hackers in the hope that the problem would disappear. Safe to say, it didn’t.

Other developments in the technology landscape have opened up new opportunities for cyber criminals. For example, the exciting emergence of IoT – the Internet of Things – has not only created innovative applications for business and consumers alike, but has also created endless routes for infiltration. The National Cyber Security Centre and the FBI recently launched new guidelines, which warned of the possibility of foreign actors gaining access via wireless routers. Similarly, the targeting by foreign and domestic agents of elections and civic bodies is something we are watching closely. We believe these attacks will become more specific, mutating over the years.

I also predict that in the next 12 months, one buzzword will be heard more and more at cyber conferences: MDR – Malware Detection and Response. Security companies are going to start providing services that are more human-based to help with analysis of breaches and potential threats.

Cyber security actors are beginning to realise that, ironically, sometimes what is missing from the technology and cyber systems business is the human touch. The use of big data analytics allows us to see more than ever before, but it still requires human beings to draw in-depth analysis and lessons learnt out of it. However, the massive skills shortage afflicting the wider tech sector is a major barrier to this development.

At Trend Micro we have over 2000 researchers across both threat research and R&D and we pride ourselves on championing the human aspect of cyber security support. We are a family-owned business that is one of the largest independent security companies in the world. This year we will turn 30; looking to the next 30 years, we plan to keep protecting castles big and small, making sure that cyber criminals are challenged at every turn.

Simon Edwards is a cyber security architect at Trend Micro.