Trend Micro CSO Warns of the Risks of Digital Extortion

After a 20-year career in the U.S Secret Service, Ed Cabrera joined Trend Micro in 2015, where he is now the chief cybersecurity officer, working with organizations to improve cybersecurity.

Among the multiple challenges enterprises around the world face are ransomware and business email compromise (BEC) attacks, which represent more immediate risk than other forms of attacks that are not quickly monetized by attackers. In a video interview with eWEEK, Cabrera provides his insights on the modern landscape of digital extortion and what organizations can do to mitigate some of the risks.

"Ransomware attacks have become much more pervasive and impactful," he said.

Ransomware, according to Cabrera, is part of a larger trend, which he refers to as digital extortion. Such attacks are not limited to enterprises but can also affect industrial facilities as well and have a more immediate impact than regular malware. Digital extortion attacks are a real threat to operations, he said.

"These types of attacks have changed the landscape. They are able to monetize attacks within minutes or hours, unlike a traditional data breach," Cabrera said.

The immediate nature of digital extortion attacks means that organizations need to prepare and respond more quickly than with a non-extortion type of data breach, he said.

Business Email Compromise

BEC attacks, in which attackers trick organizations into paying fraudulent invoices, are also becoming increasingly more common. A particular challenge with BEC attacks is that they typically do not have malicious links or malware, but rather rely on social engineering to get victims.

"[BEC] is an incredibly lucrative attack, but it's hard to defend against," Cabrera said.

Trend Micro has a product called Writing Style DNA that aims to help defend against BEC, by providing organizations with artificial intelligence-powered technology to spot email fraud. Cabrera said Trend Micro also backs the DMARC (Domain-based Message Authentication Reporting and Conformance) standard, which is an effort to help validate and improve email authenticity. While DMARC can help to combat BEC, Cabrera said that it's just one element to help limit risks.

Beyond just technology, Cabrera said training and awareness play a role in combating threats like BEC as well. In addition, simulation exercises that help educate and inform regular users and executives are also important, he said.

Overall, Cabrera said that as an organization, Trend Micro is always looking at the big picture, correlating and understanding threats from around the world. While individual threats do represent risk to organizations, a core part of Cabrera’s job is to take a macro view of the cybersecurity landscape, he said.

"[What] I look at and think about is not necessarily about one individual attack. It's about looking at the macro level and what kind of campaigns are going on, where are they going next and what can we do to get ahead of them," he said.

Watch the full video interview with Ed Cabrera above.

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.