Navigating the Cybersecurity Landscape: Five lessons from DECODE 2023: Resilience Rising

Trend Micro’s annual free-for-all cybersecurity conference made a triumphant return to face-to-face with the theme DECODE 2023: Resilience Rising. Over 700 attendees from various organizations and universities across the metro participated in the event held recently at EDSA Shangri-la Hotel. Jam-packed with multiple track sessions, panel discussions, and hands-on activities, participants were able to engage with leading cybersecurity experts on the topics of threats, data & privacy, skills & processes, and new technologies. 

Ryan Flores, Senior Manager of Forward Looking Threat Research, Trend Micro

Given the back-to-back cybersecurity issues faced by various organizations and businesses in the country in recent months, we’ve rounded up five key takeaways on cybersecurity as shared by experts: 

  1. Hackers are progressively getting more creative 

With the rapid innovation and evolution of technology, hackers are upgrading and evolving their strategies as well. One example is a virtual kidnapping scam wherein criminals take advantage of the easy access to audio, video, and images made available on social media. These are strategically timed for when the kids are at a daycare or school, and parents would receive video calls with their child’s face and voice, pleading for them to pay the ransom. Should they try to call them, the line would already be rerouted directly to the criminals utilizing AI-powered voice cloning tools to pose as their kidnapped child. To combat such innovative crimes, cybersecurity firms and professionals are also working on upgrading their systems and upskilling the workforce to build their resiliency. Jay Yaneza, Director of Managed Detection and Response at Trend Micro, mentioned during the DECODE panel discussion how companies and organizations are also maturing in their attitude towards cybersecurity. In acknowledging the risks and consistently adapting to the threat landscape, businesses and cybersecurity firms will better be able to stand their ground, no matter how ingenious the approach of threat actors. 

From L-R: Paolo Abrera, Host; Philip Casanova, Principal in SyCip Gorres Velayo & Co; Jay Yaneza, Director of Managed Detection and Response, Trend Micro; Robert McArdle, Trend Micro’s Director of Cybercrime Research for the Forward Looking Threat Research (FTR); Ivo De Carvalho Peixinho, Head of the Cybercrime Intelligence Unit, Interpol Cybercrime Directorate.

  1. Artificial intelligence can be our friend or foe 

With the emergence of artificial intelligence (AI), many are divided on whether it truly benefits society. AI can definitely be a helpful tool depending on how you utilize it, but that means that it can also be helpful for cybercriminals. Robert McArdle, Director of Forward-Looking Threat Research at Trend Micro, mentions in his keynote how there are already numerous forums among criminals dedicated to learning AI. With this, lower-level threat actors can easily move up to mid-level threat actors, and so on up the ladder until elite-level criminals eventually become finely-tuned criminal machines. So while cybercriminals—criminal novices to expert hackers—are already exploring the capabilities of AI for their advantage, cybersecurity firms and professionals are also doing the same to ensure that AI-assisted threats are detected early and are immediately addressed. 

  1. Our convenience is their convenience

While biometrics was initially believed to be a secure and innovative alternative to passwords, the internet has now become a platform for many to permanently leak their voices, faces, and fingerprints on a regular basis. While time has proven that businesses can make their processes easier through biometrics and facial recognition, it also brings in multiple security risks for users. Through stolen biometric data, many threat actors can easily access personal and private data of daily consumers, revealing sensitive information such as bank accounts, addresses, and more. In an age where your data defines who you are, it is crucial to be discerning regarding what apps and services have credible and trustworthy protection, and whether or not lending images of your face or even hands is worth the potential risk of a criminal stealing your fingerprints… or even your identity altogether. 

  1. Schedule that update for tonight —or ASAP 

In a case study presented during the track session entitled: When Good Intentions Fall  Short: Top 5 Cyber Resilience Failures, it was discussed how an organization experienced a ransomware attack that went undetected for 21 entire days, all because of an outdated security system. Most software that we use in our day-to-day life, from the system software of our phones and laptops to the software of our printers and graphics/multimedia applications, are consistently updated by developers. These updates aren’t just for show but for the very purpose of keeping up with the threat actors and building up your resiliency from attacks. This added protection and security is useless however if users don’t constantly update their devices and applications. Yaneza shares “The attacks that we’re seeing are a little bit faster nowadays… we used to be counting days, but now we’re counting hours.”. So, stop holding off that update and schedule it for as soon as possible!  

  1. While we can’t predict the future, we can prepare for it 

Cybersecurity has evolved significantly in recent years. In McArdle’s keynote entitled  Cybersecurity Threats in 2023, the top cybersecurity trends from the years 2016 to the present were discussed to better set the scene for what we can expect in the coming years. Cyber threats have evolved from simple email scams intended to get bank credentials and passwords to data breaches affecting the biggest organizations and institutions worldwide. These organized and complex crimes that once attracted media coverage for weeks at a time have now become so frequent, happening on an almost weekly basis today. The good news is that since most criminals focus on short-term and easy executions, cybersecurity professionals and security tools can use trends and predictions from reports like Trend Micro’s Mid-year Cybersecurity Threat Report, to always be two steps ahead of the game.  

Participants at DECODE 2023

The outstanding number of attendees at DECODE 2023 proves how much drive there is among local cybersecurity professionals to build up their organizations’ resiliency against the threats and trends mentioned above. With Trend Micro’s objective to make cybersecurity education accessible and to close the cybersecurity skills gap in the Philippines, initiatives like DECODE  leave participants with new perspectives and knowledge they can share with their own networks and organizations, and ultimately utilize to better protect from the ever-evolving threat landscape. 

Registered users on decodeph.com may view the different track sessions and discussions held at DECODE 2023: Resilience Rising on the website. Interested in attending DECODE 2024? Stay tuned to DECODE PH’s official website and socials for more news and updates on registration.