Ed Cabrera, Chief Cybersecurity Officer at Trend Micro, discussed cybersecurity and the rapidly evolving cyber threat landscape during his presentation to Argyle's CIO membership at the 2018 CIO Leadership Forum: Data Strategy & Innovation in San Francisco on Feb. 13. In his presentation, "The Ever Evolving Threat Landscape – From Cybercrime to Cyber Espionage," Cabrera offered recommendations to help organizations safeguard their networks, data and end users against cyberattacks.
WannaCry and other cyberattacks made headlines in 2017. These cyberattacks caused major problems for many organizations around the globe. In addition, the cyberattacks raised questions about how organizations prepare for cyberattacks and their cybersecurity protocols and systems.
No organization is immune to cyberattacks. Yet few organizations understand exactly what to do to identify and address cyberattacks before they escalate. And without the proper cybersecurity strategies in place, organizations risk breaches that may result in data loss, brand reputation damage and other problems.
"Cybercriminals do what they do because they know it works and they know it makes money."
Now, cybercriminals are increasingly using digital extortion via ransomware-as-a-service. This approach enables cybercriminals to quickly launch ransomware attacks against organizations – regardless of size or industry – and extort these organizations in the hopes of collecting a ransom.
"Cyberattacks and the impact of cyberattacks is creeping upward and to the right in terms of digital extortion," Cabrera stated.
Organizations must allocate time and resources to understand the perspective of cybercriminals. That way, organizations can understand why cybercriminals launch attacks and plan accordingly.
"We want to understand what's going on in the criminal underground because that's really what drives cyberattacks today," Cabrera noted. "If there was no place for cybercriminals to buy and sell their wares, there would be no cyberattacks today."
Today's cybercriminals leverage state-of-the-art technologies to infiltrate organizations. Cybercriminals are dedicated to their craft, and as such, will do whatever it takes to exploit organizations for profit.
Organizations must keep pace with cybercriminals. Otherwise, organizations risk costly, time-intensive breaches that may put their customers and employees in danger.
"Cybercriminals do what they do because they know it works and they know it makes money," Cabrera noted.
Furthermore, cybercriminals are using various technologies to develop advanced ransomware to sell to other criminals. This enables cybercriminals to purchase new ransomware and use it to launch instant cyberattacks against organizations.
"Right now what we have is crime-as-a-service. It consists of services provided by criminals, to criminals," Cabrera said. "Digital extortion removes all of the middle men … and has led to criminal start-up companies that create services for other cybercriminals."
Digital extortion attacks may increase in size and frequency in the years to come. Organizations that plan ahead for these attacks, however, may be better equipped than ever before to prevent breaches.
"Digital extortion removes all of the middle men … and has led to criminal start-up companies that create services for other cybercriminals."
Organizations must deploy cybersecurity tools that offer proactive monitoring and alerting. By doing so, organizations can identify a cyberattack in its early stages and mitigate its effects before they extend across all departments.
Teaching employees about different types of cyberattacks and how to address these attacks can have far-reaching effects on an organization too. If workers can identify the initial signs of a cyberattack, they may be able to quickly notify key stakeholders about the incident. Then, an organization can take the necessary steps to resolve a cybersecurity incident before it gets out of hand.
It is essential for organizations to stay up to date on new ransomware families as well. Ransomware-as-a-service is becoming prevalent worldwide, and organizations that remain informed about different types of ransomware can take steps to secure their sensitive data against these threats.
"Unique ransomware is being created just about every day," Cabrera pointed out. "Ransomware attacks are being launched primarily through email … because cybercriminals know these attacks are effective."
Although new ransomware families become available regularly, organizations must realize that not all of these families work the same way. Ransomware families also evolve constantly, and cybercriminals regularly update their attack methods in much the same way that organizations frequently upgrade their security solutions.
"Not all ransomware families are created equal. They go up and down based on capability, and if ransomware is not well-engineered, cybercriminals will get rid of it or modify it," Cabrera said.
How an organization addresses the evolving threat landscape may have major ramifications on its immediate and long-term success.
If an organization takes a security-first approach, it may be able to proactively resolve cyberattacks. By contrast, an organization that fails to prioritize cybersecurity risks substantial damage.
For today's organizations, cybersecurity cannot be ignored. Instead, organizations must do everything they can to limit the risks associated with cyberattacks. Organizations also must go above and beyond the call of duty to safeguard sensitive data against evolving threats.
Eduardo E. Cabrera is a trusted advisor and a proven cybersecurity leader. He is responsible for analyzing emerging cybersecurity threats to develop innovative and resilient enterprise risk management strategies for Fortune 500 clients and strategic partners. Before joining Trend Micro, he was a 20-year veteran of the United States Secret Service with experience leading information security, cyber investigative, and protective programs in support of the Secret Service integrated mission of protecting the nation’s critical infrastructure and its leaders.
Recently, he served as the Secret Service CISO where he was responsible for establishing and maintaining a global information security and data privacy program to protect Secret Service data information assets and systems. He led a team of Information System Security Officers and Compliance Specialists to develop and deploy continuous risk assessment and mitigation programs and policies critical to protecting the Secret Service enterprise.
Mr. Cabrera started his career in the Secret Service in Miami, Florida where he worked on and led major cyber crime investigations against criminal groups that targeted financial and retail sectors. He moved on to Washington D.C. to proudly serve on the Presidential Protective Division for President George W. Bush and then transitioned to the Secret Service Criminal Investigative Division. There he led cyber forensic operations in support of Secret Service large-scale data breach investigations and served as the Secret Service Advisor to the National Cybersecurity & Communications Integration Center (NCCIC). At the NCCIC, he was responsible for identifying, analyzing, and sharing malicious data breach indicators derived from active Secret Service investigations and worked closely with Department of Treasury, the Financial Services Sector Coordinating Council (FSSCC), and the Financial Services Information Sharing and Analysis Center (FS-ISAC) to create public/private threat intelligence sharing strategies and programs to combat data breaches targeting the financial sector.
He is a guest lecturer at New York University Polytechnic Institute, Computer Science and Engineering Department and was a contributing subject matter expert on law enforcement; cyber security strategy and policy; and computer forensics and network intrusion incident response for the 2014 Risk and Responsibility in a Hyperconnected World; 2012 Homeland Security Advisory Council Task Force on Cyber Skills Report; and 2012 Insider Threat Study: Illicit Cyber Activity Involving Fraud in the U.S. Financial Services Sector. He is a Certified Information Systems Security Professional (CISSP) and a Certified Information Systems Auditor (CISA).