Skip to main content

Trend Micro's Simon Young: "Any data has value, and there will always be people trying to steal it”

Following our recent article on security firm Trend Micro hacking into the Automatic Identification System (AIS) used to guide global shipping, ITProPortal spoke to vice president and UK general manager Simon Young about his company bringing the fight against cyber criminals to the UK.

"We're here to bring the power of our global intelligence to bear in Britain," Young told us. "We need tools at the centre to defend ourselves against all kinds of emerging threats."

Trend Micro is a "vehemently independent" company, according to Young, and their pro bono consultancy work spans agencies as broad as Interpol, Europol, and the newly-formed NCA in the UK.

Its team of 1,200 researchers works to stay ahead of malicious parties, spotting trends in security before they develop into widely exploitable weaknesses. "We have to be" ahead of the curve, said Young, while acknowledging that security challenges are changing every day.

With "billions being lost due to cybercrime", Young argues that "UK PLC" needs to "make sure constructs are in place to ensure that information can continue to be exchanged."

That's why exercises and "wargames" like the Waking Shark 2 exercise - where the readiness of UK financial institutions to face a sophisticated cyber-attack was tested - are so crucial.

"With more and more intelligence being held outside the perimeter of companies' networks, IT security must evolve to cover multiple levels that may not be under our direct control," he told us.

And that isn't the only complexity involved. Young told us about how he was once corrected during a seminar, when he described threat discovery as "like finding a needle in a haystack". The quick respondent apparently replied "no, you're wrong – it's like finding a needle in a needlestack."

"That's the problem," Young told us. "It all looks good to us."

Whether the danger comes from command and control botnets, state-sponsored cyber-terrorism or lone hacktivists, all malicious behaviour will always disguise itself as legitimate activity, he said.

To combat these odds, Trend Micro uses a team of "Forward Looking Threat analysts" to perform assessment and pen-testing of vulnerable systems, such as the AIS.

In March of this year, Trend Micro even set up a number of "honeypots" mimicking crucial industrial systems such as those targeted by the Stuxnet worm, and logged attempted attacks as they came in.

"Basically, we're fighting the bad guys," Young said. "These people aren't cleverer than us, but they are very sophisticated, very persistent and very targeted."

"We're increasingly seeing businesses losing information that they didn't even realise had value. What business owners have to realise is that any data has value, and there will always be people trying to steal it."

The NSA and its PRISM spying scandal has also concerned many in the business world, according to Young. However, he was sceptical of the idea that some countries like Germany or Brazil would create "walled-off" sections of the Internet.

"The 'walled garden' idea has been around for some time," he said. "Our European cousins have been talking about keeping their Internet data within their shores for years, but it's too early to tell whether it will gain significance."

Trend Micro is also involved in keeping children and teenagers safe online, with their Internet Safety for Kids and Families scheme.

"Some people are of the opinion that it's completely safe, that 'it's just the Internet'," Young told us. "There's no age we shouldn't include in the online world, but people have to be aware that there's an implicit danger in sharing any personal information online."

So does Trend Micro have any more high-profile hacks on the horizon? Young isn't telling, but one thing's for certain: this is one security company you'll want to keep your eye on.

Simon Young is vice president and general manager UK at Trend Micro. He joined the company in 2009, and helped drive the company's growth into data centre security. He is is a frequent speaker at conferences and forums around the world.

Image: Flickr (MDGovpics)