• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Data Privacy   »   A Year to Remember: What Can we Learn to Improve Cyber Security in 2016?

A Year to Remember: What Can we Learn to Improve Cyber Security in 2016?

  • Posted on:December 22, 2015
  • Posted in:Data Privacy, Internet Protection, Security, Vulnerabilities & Exploits
  • Posted by:
    Jon Clay (Global Threat Communications)
0

For IT security teams across the globe the past 12 months have been a roller coaster ride. From massive attacks on our federal data stores to sophisticated, economically motivated data breaches, to newly emerging threats in the Internet of Things space – there’s never been a dull moment. But as we pick over the remnants of 2015, it makes sense to look at what lessons we can learn from some of the key events, to better prepare us for the year ahead.

One thing is certain: CISOs and their teams are going to be tested like never before in the coming 12 months.

The year of the data breach

There’s barely enough space here to analyze all the data breach incidents that have occurred over the past year. You’ll no doubt remember some of the biggest: JP Morgan (83 million); infidelity site Ashley Madison (37 million), and prison tech company Securus (70 million records) particularly caught the eye. The government suffered its fair share of attacks too, notably the Office of Personnel Management (22 million).

What can we learn from these incidents? Well, it is clear that government systems need to be better protected against targeted attacks. The 30-Day Cybersecurity Sprint made a great start by improving access controls, but it is only a start. Public and private sector organizations alike need to think harder about protecting against the growing threat of targeted attacks. The means to launch fairly sophisticated cyber intrusions designed to fly under the radar of traditional security defenses is readily available on the darknet today. Organizations need to fight back with advanced sandboxing capabilities to spot malware in spear phishing emails; file integrity monitoring and log inspection to get better situational awareness of unusual network behavior and lateral movements; and intrusion detection/prevention to shield unpatched vulnerabilities.

Another thing to realize from these attacks is the sheer diversity of threat actors out there. From nation states to financially motivated cybercriminal gangs to hacktivists and belligerent insiders – no organization is safe today. For a myth-busting run down of the past decade of data breaches check out our Follow the Data reports – some of the findings might surprise you.

Information is power

At Trend Micro we’ve been doing our best to help our customers, and industry stakeholders, push back the rising tidal wave of threats facing us. In 2015 we continued to innovate in our product development to protect against the latest threats; teamed up with law enforcers to tackle the bad guys head on – helping dismantle the Dridex botnet; protected customers past the end of support deadline for Windows Server 2003 thanks to virtual patching in Deep Security; and released major new research to progress the fight against cybercrime.

Some of our best research included a series of papers uncovering various regional Deep Web underground economies in countries like North America, Russia, Japan, Germany and China. We also leveraged our global reach further, to uncover a worrying increase in critical infrastructure attacks against nations in the Americas; and we revealed that internet-connected gas station pumps may also be in the firing line of hackers.

Another Trend Micro study – this time of US, Japanese and European consumers – found huge misgivings about IoT privacy and security. The industry needs to pull together pretty quickly to agree on standards and build security into these connected devices from the ground up, before it’s too late.

To find out more about our predictions for 2016 check out our latest report, The Fine Line.

Please add your thoughts in the comments below or follow me on Twitter; @jonlclay.

Related posts:

  1. Cyber security and the Super Bowl: What can enterprises learn?
  2. Why 2016 Could be a Big Year for Global Cyber Security Efforts
  3. Why Security Must be Center Stage at CES 2016 this Year
  4. 2016: The Year of the Fatal “Smart” Failure?

Security Intelligence Blog

  • Obfuscation Tools Found in the Capesand Exploit Kit Possibly Used in “KurdishCoder” Campaign
  • Mobile Cyberespionage Campaign Distributed Through CallerSpy Mounts Initial Phase of a Targeted Attack
  • Operation ENDTRADE: Finding Multi-Stage Backdoors that TICK

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Answering IoT Security Questions for CISOs
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • How To Be An Informed Skeptic About Security Predictions
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Skimming and Phishing Scams Ahead of Black Friday and Polish Hacking Team Wins Capture the Flag Competition
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • The Shared Responsibility Model
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • What Worries CISOs Most In 2019

Follow Us

Trend Micro In The News

  • Trend Micro Takes On Palo Alto Networks With Cloud Conformity Buy
  • Trend Micro Partners with Snyk to Fix Vulnerabilities for DevOps
  • Trend Micro Partners With Snyk To Advance DevSecOps
  • Hackers to stress-test Facebook Portal at hacking contest
  • NEW TECH: Trend Micro inserts 'X' factor into 'EDR' - endpoint detection response
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.