We had the pleasure of speaking with Myla Pilao, Global Director for Technology Marketing at Trend Micro, who shared her experience as a visionary leader with profound experience in multiple streams, her thoughts on Trend Micro’s recently revealed cybersecurity predictions for 2023, the practical measures that companies can take to safeguard themselves against business email compromise (BEC) scams, and some practical tactics that may be used to shield organizations from malicious users.
Myla Pilao leads security research communications at TrendLabs, Trend Micro’s Research and Development Center. She heads the division of the company that monitors the security threat landscape, including high-profile attacks like advanced persistent threats (APTs) and prevalent digital security threats like mobile, cloud, and critical infrastructure. She oversees a team that monitors and manages critical incidents and developments in the threat landscape. Myla is a strategic communications expert with over 10 years of experience as a security spokesperson and evangelist. She has since handled numerous public and media engagements in Europe, Asia Pacific & the Middle East, where she shares awareness and insights on digital threats and their real-world impact, along with countermeasure strategies for the computing public.
Myla is also an active supporter and advocate for the protection of children’s online and international movements of stopping the online commercial distribution of inappropriate images of children. Myla holds a Master’s Degree in Business Administration from the National University of Singapore. She earned her Bachelor’s Degree in Arts and Letters, majoring in Communication Arts, from the University of Santo Tomas.
How will you describe your experience as a visionary leader with profound experience in public relations, marketing, media and communications, and supporting international organizations on cyber defense intelligence and child protection?
After more than two decades of working in the industry, I continue to believe that cybersecurity can be a force for good. I am passionate about bridging technology, security, and empathy, and consider myself fortunate to work with a team of researchers and story makers who have front-row seats to the latest trends in technology. From modern robots and complex industrial machines to big data and machine learning, we are constantly looking into how threats and security risks can escalate. Cybersecurity is integral to the fabric of our modern business and infrastructure. We know that millions of people enter this space on a daily basis, from very mature security-conscious individuals to the most naive and vulnerable, including children. That is why we have no room for complacency and must continue to discover, innovate and take chances to make the road to our current and future digital journey smarter and safer for everyone.
What do you think about Trend Micro’s newly revealed cybersecurity predictions for 2023? How can these trends aid in protecting companies on several fronts?
Our focus more than identifying emerging security risks and trends is to determine ways to improve and respond to modern threats. For this year’s predictions, I am amazed and unbelievably proud of our team’s work and the collective expert insights of our Trend Micro research leaders. Predicting the future isn’t easy – a careful analysis of attack vectors and techniques is needed to gaze ahead and analyze forecasts.
This year, we’ll see businesses and employees adapting to this post-covid environment as they continue using a hybrid work model. Moreover, organizations have gone through a radical and rapid transition, so preparing for the risk of an expanding attack surface is more important than ever. As we outline potential security threats and risks in detail, we hope it will spark a wave of recalibration of security practices and policies that will help organizations redefine their business priorities, keeping security at the center of all activities.
What are the efficient tactics that businesses can use to protect themselves from business email compromise (BEC) scams?
BEC is one of the attacks that cybercriminals continue to adapt by combining recycled techniques with a modern toolbox, resulting in a 20% increase in this type of attack. To curb BEC challenges, organizations can use a two-pronged approach:
Don’t just trust but verify – organizations should empower and enable their user not just with education but with tools on how to carefully scrutinize emails, communication, and files. Create a culture of security compliance that provides a way to verify, report and isolate the issue.
The use of advanced security solutions is imperative – BEC continues to evolve rapidly, and organizations that have the capability to use artificial intelligence (AI) and machine learning to defend against BEC are advisable.
What are some effective strategies that may be used to protect organizations from cloud ransomware as more companies are storing their crucial data there?
There has been a constant rise of ransomware deployment mostly in organizations as they deepen their cloud adoption and usage. We have already observed threat actors targeting cloud infrastructure and platforms like TeamTNT. Therefore, organizations are being encouraged to upgrade their cloud visibility and monitoring strategy.
The security teams should have better access and knowledge of what critical data/values/services are within their cloud infrastructure. Having access to timely information and the right protection tools to mitigate potential risks is key.
One of the core problems in ransomware attacks is initial access. Therefore, having a solid solution and process to combat initial access must be prioritized over combating ransomware alone.
Measures such as hardening internal and external systems, vulnerability management, and tailored fit solutions in addition, are additional effective strategies that can be used to protect organizations from cloud ransomware.
How can we defend our home VPNs against malicious users? And what are the benefits of Zero trust strategies?
Stop piecemeal solution – as our enterprise perimeter extends beyond the corporate environment, primarily in the wake of remote work, it is key to provide a holistic solution that focuses not on the traditional workspace parameter, but rather on data tracking and protection. Solutions and practices should accommodate the needs of both in-office and at-home employees with a zero-trust approach.
Never trust, always verify – Zero trust strategies are built on “never trust, always verify” principles to minimize damage without sacrificing productivity and business continuity.
Lastly, don’t burden IT /security defenders by flooding them with daily alerts. It’s crucial to have greater visibility into all organizational assets and ways to centrally manage protection across multiple environments, networks, and operating systems.
Trend Micro Security Predictions: https://www.trendmicro.com/vinfo/us/security/research-and-analysis/predictions/2023