Partnerships boosting cybercrime response but it's still key to “think like a criminal”: security research director

The joining of forces between previously competitive security firms has fundamentally transformed the anti-malware process and facilitated a much stronger response to surging cybercrime, according to the head of Trend Micro's specialised cybercrime research facility.

Those partnerships rapidly grew from an experiment to a fundamental part of the security response as it became clear years ago that no one company was going to be able to maintain a comprehensive security response, Manila-based TrendLabs research director Myla Pilao told CSO Australia during the company's recent Cybercrime 2015 event in Melbourne.

“We used to live in one big ecosystem with direct antivirus competitors, security solutions people, or people who live in the hardware and software,” she explained. “In the past it was about who could find a new signature first, but we all know that's not the game anymore.”

“Today we do a lot of collaboration as well,” she continued. “We work with a lot of these vendors to make sure that we give them what we see from our intelligence and research. If they're able to stop the attacks and find a patch, it's easier for all of us.”

Such collaboration has also facilitated Trend Micro's partnerships with the likes of INTERPOL, which has built progressively tighter relationships with the security industry and academia to support its mission in helping law-enforcement authorities around the world deal with new online threats.

Those partnerships often provide new insight for security researchers for whom many attacks have long been abstract concepts: “When we're working together with law enforcement, it's a much different perspective,” Pilao explained.

“It's a real company on its knees, it's a real child being abused. You see a humanised version of the attack, and that helps you understand the context and the intelligence needed to stop it.”

The collaborations have already delivered real outcomes for anti-malware forces: in April, for example, a joint effort between Trend Micro, INTERPOL, Kaspersky Lab, and the Cyber Defence Institute saw the takedown of the SIMDA botnet, a botnet that had claimed victims in 190 countries.

Such actions become possible not only through the pooling of data – Trend Micro, for example, contributed information such as the IP addresses of detected botnet command-and-control servers – but also as ever-broader brains trusts apply their lateral thinking to the changing threat landscape.

“The innovation of new technologies and new threats are moving side by side, and the people behind it are supposed to be guarding us,” Pilao said. “So skills building is very important: you really have to think like a criminal.”

Many criminals are thinking long and hard about mobile devices these days, with the endpoint devices “one of the biggest problems in the security world,” Pilao said. “Sometimes we underestimate the gadget technology, but the truth is that they are becoming one of the most favoured vector points right now. In the past, we only thought about desktops and servers as being attacked – but with cloud and third parties and so on, there are more points to entry now.”

Trend Micro maintains more than 1000 threat researchers and support engineers in research centres in 13 countries around the world, allowing its researchers to respond to local threats such as Australia's particularly high susceptibility to ransomware.

“We realised very early on that a lot of threats were local,” Pilao said. “It doesn't really matter if they are, but it does help if you are able to understand the market, the lifestyle, and how the culture weaves with the digital part. It makes attacks easier to anticipate.”

Yet despite their value in facilitating better collaboration between security-industry players, the partnerships are also becoming increasingly important because competition for the limited pool of skills is becoming increasingly intense.

A recent survey by industry body ISACA highlighted the magnitude of the skills gap, with 35 percent of respondents confirming they had security-related job openings that they cannot fill. More than half of respondents to that survey said that less than 1 in 4 applications for security-related roles was qualified for their requirements.

In a firm like Trend Micro – where the success of Pilao's organisation depends on winning and keeping well-qualified security specialists – such figures pose a particular sort of problem.

That problem is compounded by a lack of security training in local university courses that means “we have to teach [new hires] from the ground up,” she said. “This has become a really challenging part of the market from the Labs' perspective, because these are very premium skills.”

Those skills are in such high demand – with a net migration of security talent particularly from the Asia-Pacific region to high-paying jobs in European organisations – that “organisations often want that level of skill to be transferred to the organisation for protection, and it becomes very difficult to keep them.”

“This is great for the security industry employability index,” Pilao added, “but it's a very expensive education – and very challenging to maintain them.”

Stories by David Braue