Partnerships boosting cybercrime response but it's still key to “think like a criminal”: security research director
- 01 June, 2015 09:17
The joining of forces between previously competitive security firms has fundamentally transformed the anti-malware process and facilitated a much stronger response to surging cybercrime, according to the head of Trend Micro's specialised cybercrime research facility.
Those partnerships rapidly grew from an experiment to a fundamental part of the security response as it became clear years ago that no one company was going to be able to maintain a comprehensive security response, Manila-based TrendLabs research director Myla Pilao told CSO Australia during the company's recent Cybercrime 2015 event in Melbourne.
“We used to live in one big ecosystem with direct antivirus competitors, security solutions people, or people who live in the hardware and software,” she explained. “In the past it was about who could find a new signature first, but we all know that's not the game anymore.”
“Today we do a lot of collaboration as well,” she continued. “We work with a lot of these vendors to make sure that we give them what we see from our intelligence and research. If they're able to stop the attacks and find a patch, it's easier for all of us.”
Such collaboration has also facilitated Trend Micro's partnerships with the likes of INTERPOL, which has built progressively tighter relationships with the security industry and academia to support its mission in helping law-enforcement authorities around the world deal with new online threats.
Those partnerships often provide new insight for security researchers for whom many attacks have long been abstract concepts: “When we're working together with law enforcement, it's a much different perspective,” Pilao explained.
“It's a real company on its knees, it's a real child being abused. You see a humanised version of the attack, and that helps you understand the context and the intelligence needed to stop it.”
The collaborations have already delivered real outcomes for anti-malware forces: in April, for example, a joint effort between Trend Micro, INTERPOL, Kaspersky Lab, and the Cyber Defence Institute saw the takedown of the SIMDA botnet, which had claimed victims in 190 countries.
Such actions become possible not only through the pooling of data – Trend Micro, for example, contributed information such as the IP addresses of detected botnet command-and-control servers – but also as ever-broader brains trusts apply their lateral thinking to the changing threat landscape.
“The innovation of new technologies and new threats are moving side by side, and the people behind it are supposed to be guarding us,” Pilao said. “So skills building is very important: you really have to think like a criminal.”
Many criminals are thinking long and hard about mobile devices these days, with these endpoint devices “one of the biggest problems in the security world,” Pilao said. “Sometimes we underestimate the gadget technology, but the truth is that they are becoming one of the most favoured vector points right now. In the past, we only thought about desktops and servers as being attacked – but with cloud and third parties and so on, there are more points of entry now.”
Trend Micro maintains more than 1000 threat researchers and support engineers in research centres in 13 countries around the world, allowing its researchers to respond to local threats such as Australia's particularly high susceptibility to ransomware.
“We realised very early on that a lot of threats were local,” Pilao said. “It doesn't really matter if they are, but it does help if you are able to understand the market, the lifestyle, and how the culture weaves with the digital part. It makes attacks easier to anticipate.”
Beyond their value in facilitating better collaboration between security-industry players, the partnerships are also becoming increasingly important because competition for the limited pool of skills is intensifying.
A recent survey by industry body ISACA highlighted the magnitude of the skills gap, with 35 percent of respondents confirming they had security-related job openings that they could not fill. More than half of respondents to that survey said that fewer than 1 in 4 applicants for security-related roles was qualified for their requirements.
In a firm like Trend Micro – where the success of Pilao's organisation depends on winning and keeping well-qualified security specialists – such figures pose a particular sort of problem.
That problem is compounded by a lack of security training in local university courses that means “we have to teach [new hires] from the ground up,” she said. “This has become a really challenging part of the market from the Labs' perspective, because these are very premium skills.”
Those skills are in such high demand – with a net migration of security talent particularly from the Asia-Pacific region to high-paying jobs in European organisations – that “organisations often want that level of skill to be transferred to the organisation for protection, and it becomes very difficult to keep them.”
“This is great for the security industry employability index,” Pilao added, “but it's a very expensive education – and very challenging to maintain them.”