Myla Pilao leads security research communications at TrendLabs, Trend Micro’s Research and Development Center. She heads the division of the company that monitors the security threat landscape, including high-profile attacks like advanced persistent threats (APTs) and prevalent digital security threats like mobile, cloud, and critical infrastructure. She oversees a team that monitors and manages critical incidents and developments in the threat landscape. Myla is a strategic communications expert with over 10 years of experience as a security spokesperson and evangelist. She has since handled numerous public and media engagements in Europe, Asia Pacific & the Middle East, where she shares awareness and insights on digital threats and its real-world impact, along with countermeasure strategies for the computing public. Myla is also an active supporter and advocate on the protection of children’s online and international movements of stopping the online commercial distribution of inappropriate images of children. Myla holds a Master’s Degree in Business Administration from the National University in Singapore. She earned her Bachelor’s Degree in Arts and Letters, major in Communication Arts, from the University of Santo Tomas.
1. Trend Micro recently released a report that reveals the most common trends of cybercriminals and how it’s impacting businesses. What would you say was the most surprising factor that the report revealed?
While the underground market is home to banking credentials, exploit kits, and services, recently there have also been some new entrants. Cybercriminal’s methods of communication have changed with more activity increasing in the e-commerce and online markets too. Fraudsters have begun using automated and non-automated ways such as fake news, deep fake, and propaganda to drive opinions. Furthermore, access-as-a service has evolved from remote desktop protocol (RDP) offerings to selling access to hacked devices and corporate networks.
2. As Director for Technology Marketing at Trend Micro, what would you say is the most common cybersecurity threat that small business owners face and what initiatives can they implement to prevent their business from being at risk of a cyberattack?
The next six months will be crucial. As organizations and employees navigate working from home, understanding that business will never be the same again is important. With limited mobility, comes increased security for business owners especially small businesses. There are two main challenges organizations are facing right now:
- Outsourcing IT operations: Most organizations do not have the bandwidth to establish an IT department within the company and often outsource this service. With an increase in remote working, there is an increased vulnerability threat as cybercriminals can access and intercept remote networks through various tools as well. Employers should conduct the research and really evaluate their options if they’re choosing an outsourcing partner or make investments in security solutions within the organization.
- SIM-jacking: As businesses continue to operate digitally or over the phone, cybercriminals are monetizing hijacked SIM cards to gain access to a user’s enterprise email and then access to all kinds of corporate data. Business owners should consider options available to them for communicating – perhaps over secure email or video is better than phone in certain situations.
3. In your expert opinion, what is the biggest impact that a cyber-attack can have on a business?
The biggest impact is always on brand reputation, both internally and externally. The erosion of trust can transform a business negatively. We advise any business to be forthright and transparent if every the victim of a cyber-attack, and then follow up with a detailed action plan to mitigate future risks. It is imperative for businesses to embrace stricter security measures to ensure this does not reoccur.
4. Many businesses have suffered due to the COVID-19 outbreak. Would you say businesses are now more vulnerable and at risk of being victims of cyberattacks? Has there been an increase in cybercriminal activities since the beginning of the worldwide pandemic?
While businesses are adapting to remote working during the COVID-19 pandemic, cybercriminals are also making use of the opportunity to identify different tactics. When COVID-19 first hit, fraudsters targeted government stimulus money with fake applications, sometimes using phished information from legitimate businesses. They then moved onto targeting healthcare organizations with ransomware as they battled to save lives.
Now, cybercriminals have progressed to targeting teleworkers and this domain is only evolving. With remote environments not lending much security, they are constantly upping their search to identify VPN vulnerabilities and ways to compromise corporate networks via connected home devices
5. On a final note, what approach does Trend Micro suggest to business owners so that they can better defend themselves against cyberattacks?
Understanding the current focus for cybercriminals can help businesses prioritize risk and inform security strategies. At the same time, implementing a multi-layered strategy which encompasses people, process, and technology is imperative to defend themselves against future attacks. Business owners can take the following steps to better defend themselves against cyberattacks:
Educate: Organizations need to establish a culture of security by raising security awareness with their workforce and educating employees on how to spot social engineering techniques such as spam and phishing. Empower employees to know where to go for help, figure out the next steps, where and how to report any malicious activity.
Develop security policies: Businesses need to develop security policies to create awareness and empower employees to do the right thing. Scheduling security drills to gauge the reaction and confidence of the workforce is important. Establish a strict framework of what is accessible through a remote network. For instance, social networking websites, downloading applications, etc.
Back up: To ensure a company’s data is protected it’s important backup files regularly. The best practice for backing up files and data is to follow the 3-2-1 rule — 3 different copies stored in 3 different places, in 2 different formats with at least 1 copy stored offsite.
Choose a solid security solution as opposite a free version is imperative to protect businesses, employees, and customers. Especially now, it is imperative to invest in security solutions that have the capability to detect abnormality in the network, ability to collect, monitor, and report and ultimately keep employee and business information safe.
As fraudsters evolve to find new ways to identify vulnerabilities, it is crucial for law enforcement, governments, businesses, employees and the general public alike to also make the right decisions to protect their own security.