Cybersecurity Landscape Navigation: Five lessons from DECODE 2023: Resilience Rising


Under the theme DECODE 2023: Resilience Rising, Trend Micro’s annual free-for-all cybersecurity conference triumphantly returned to physical gatherings.  The event, which was held recently at the EDSA Shangri-la Hotel, drew over 700 participants from various organizations and universities throughout the metro. Participants could interact with top cybersecurity experts on threats, data & privacy, skills & processes, and new technologies during the event, which was jam-packed with multiple track sessions, panel discussions, and practical exercises.

L: DECODE logo; R: Ryan Flores, Senior Manager of Forward Looking Threat Research, Trend Micro

Given the recent string of cybersecurity issues facing various organizations and businesses across the country, we’ve compiled a list of five key cybersecurity takeaways shared by experts:

1. Hackers are progressively getting more creative

With the rapid innovation and evolution of technology, hackers are upgrading and evolving their strategies as well. One example is a virtual kidnapping scam wherein criminals take advantage of the easy access to audio, video, and images made available on social media. These are strategically timed for when the kids are at a daycare or school, and parents would receive video calls with their child’s face and voice, pleading for them to pay the ransom. Should they try to call them, the line would already be rerouted directly to the criminals utilizing AI-powered voice cloning tools to pose as their kidnapped child. To combat such innovative crimes, cybersecurity firms and professionals are also working on upgrading their systems and upskilling the workforce to build their resiliency. Jay Yaneza, Director of Managed Detection and Response at Trend Micro, mentioned during the DECODE panel discussion how companies and organizations are also maturing in their attitude towards cybersecurity. In acknowledging the risks and consistently adapting to the threat landscape, businesses and cybersecurity firms will better be able to stand their ground, no matter how ingenious the approach of threat actors.

From L-R: Paolo Abrera, Host; Philip Casanova, Principal in SyCip Gorres Velayo & Co; Jay Yaneza, Director of Managed Detection and Response, Trend Micro; Robert McArdle, Trend Micro’s Director of Cybercrime Research for the Forward Looking Threat Research (FTR); Ivo De Carvalho Peixinho, Head of the Cybercrime Intelligence Unit, Interpol Cybercrime Directorate.

2. Artificial intelligence can be our friend or foe

With the emergence of artificial intelligence (AI), many are divided on whether it truly benefits society. AI can definitely be a helpful tool depending on how you utilize it, but that means that it can also be helpful for cybercriminals. Robert McArdle, Director of Forward-Looking Threat Research at Trend Micro, mentions in his keynote how there are already numerous forums among criminals dedicated to learning AI. With this, lower-level threat actors can easily move up to mid-level threat actors, and so on up the ladder until elite-level criminals eventually become finely-tuned criminal machines. So while cybercriminals—criminal novices to expert hackers—are already exploring the capabilities of AI for their advantage, cybersecurity firms and professionals are also doing the same to ensure that AI-assisted threats are detected early and are immediately addressed.

3. Our convenience is their convenience

While biometrics was initially believed to be a secure and innovative alternative to passwords, the internet has now become a platform for many to permanently leak their voices, faces, and fingerprints on a regular basis. While time has proven that businesses can make their processes easier through biometrics and facial recognition, it also brings in multiple security risks for users. Through stolen biometric data, many threat actors can easily access personal and private data of daily consumers, revealing sensitive information such as bank accounts, addresses, and more. In an age where your data defines who you are, it is crucial to be discerning regarding what apps and services have credible and trustworthy protection, and whether or not lending images of your face or even hands is worth the potential risk of a criminal stealing your fingerprints… or even your identity altogether.

4. Schedule that update for tonight —or ASAP

In a case study presented during the track session entitled: When Good Intentions Fall Short: Top 5 Cyber Resilience Failures, it was discussed how an organization experienced a ransomware attack that went undetected for 21 entire days, all because of an outdated security system. Most software that we use in our day-to-day life, from the system software of our phones and laptops to the software of our printers and graphics/multimedia applications, are consistently updated by developers. These updates aren’t just for show but for the very purpose of keeping up with the threat actors and building up your resiliency from attacks. This added protection and security is useless however if users don’t constantly update their devices and applications. Yaneza shares “The attacks that we’re seeing are a little bit faster nowadays… we used to be counting days, but now we’re counting hours.”. So, stop holding off that update and schedule it for as soon as possible!

5. While we can’t predict the future, we can prepare for it

Cybersecurity has evolved significantly in recent years. In McArdle’s keynote entitled Cybersecurity Threats in 2023, the top cybersecurity trends from the years 2016 to the present were discussed to better set the scene for what we can expect in the coming years. Cyber threats have evolved from simple email scams intended to get bank credentials and passwords to data breaches affecting the biggest organizations and institutions worldwide. These organized and complex crimes that once attracted media coverage for weeks at a time have now become so frequent, happening on an almost weekly basis today. The good news is that since most criminals focus on short-term and easy executions, cybersecurity professionals and security tools can use trends and predictions from reports like Trend Micro’s Mid-year Cybersecurity Threat Report, to always be two steps ahead of the game.

Participants at DECODE 2023

The outstanding number of attendees at DECODE 2023 proves how much drive there is among local cybersecurity professionals to build up their organizations’ resiliency against the threats and trends mentioned above. With Trend Micro’s objective to make cybersecurity education accessible and to close the cybersecurity skills gap in the Philippines, initiatives like DECODE leave participants with new perspectives and knowledge they can share with their own networks and organizations, and ultimately utilize to better protect from the ever-evolving threat landscape.

The various track sessions and discussions held at DECODE 2023: Resilience Rising are accessible on the website decodeph.com for registered users. Are you planning to attend DECODE 2024? For more information and updates on registration, keep checking the official DECODE PH website and social media accounts.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button