The attack surface is no longer confined to the four walls of an office or the devices of every employee. In reality, cybersecurity has become too complex for many enterprises to fully comprehend, and only few can deploy multiple security solutions to cover all bases.
Eva Chen, Co-Founder and Chief Executive Officer of Trend Micro, has been in the cybersecurity business for over three decades. She recently sat down with Frontier Enterprise to discuss her observations about the industry, the evolution of cyberthreats, and where the security market is headed in the near future.
Could you share a bit about your journey with Trend Micro?
I started as the founder and then became the CTO, focusing on technology and product development. In 2005, I took on the role of CEO, overseeing the entire business. But I believe our business mainly changed not because of my role, but due to the cybersecurity industry changing so quickly.
Thirty-five years ago, when I first came to Singapore, I attended the PC Expo. At that trade show, I was at the smallest booth, and I was the only one talking about security. Now, everyone is talking about cybersecurity. Over these 35 years that I’ve been in the industry, it has evolved rapidly. This is because technology is advancing at an unprecedented pace. Consider how long it took humans to progress from pen and paper to printing, and then from printing to computers. In just half a generation, we’ve developed the cloud, virtualisation, and AI. The speed of technological progress is accelerating, making cybersecurity increasingly important. The faster you develop technology, the more gaps and loopholes emerge, which attackers can take advantage of.
How do you see the evolution of the threat landscape, given that old foes like SQL injections have not really gone away?
More threats continue piling up, but the most important thing is understanding the customer’s environment. People like to adopt the newest technology but their environments are hybrid. At Trend Micro, we’ve been focusing on hybrid security. We must provide the best hybrid security for our customer, because their environment is hybrid.
We cannot just say, “We provide the best cloud or endpoint security.” You need to provide a path that covers customers’ entire environment, and correlates all these different types of information. Because hackers don’t see them as a block—they see it as a map. Cybersecurity needs to take a platform approach, understand that customers’ whole environment is a hybrid environment, and provide the best protection.
A lot of end users are already overwhelmed by the number of security products that they need to use. Do you think there will be some consolidation in the market, or will this fragmentation continue in the future?
Cybersecurity has two big parts: The first is policy enforcement, which includes things like firewalls, access control, and identity security. Security companies set these policies, and they need to be followed. For that part of security, a firewall is simply a firewall, access control is just access control, and encryption remains encryption. These elements can be distinctly defined and boxed.
The other part of security is what I call threat events. When an attacker attacks, they don’t care what your policy is. Therefore, consolidation needs to happen on the attack surface. In managing risk, particularly the threat events part, you need a platform approach to identify the weakest link in your customer’s environment and then implement the right security there. Otherwise, there will be no real change. That’s why Trend Micro recently launched Vision One, a platform dedicated to attack surface risk management. We enable our customers to see their entire attack surface and then assign a risk score, identifying which area is at highest risk. This could be due to a missing patch or where the most crucial information is located. Based on these risk scores, appropriate measures are taken to reduce the risk.
Finally, once you’ve done all this, you need to have an SOP. When you get attacked, what do you need to do? It’s crucial for the security operations centre to be aware of what measures and emergency actions are required. This process is what we refer to as operationalising zero trust. Zero trust is more than just a concept; it’s about how to operationalise it effectively. This involves more than just having firewalls, endpoint security, and network security in place. It requires constant monitoring due to the ever-changing nature of the environment. This means continuously assessing the biggest risks to your company and allocating the right resources at the right place.
How do you see the security industry evolve in the future with all these new technologies coming up?
I see it as a two-part evolution. The first is IT security, where everything is interconnected using TCP/IP. In this part of security, the focus needs to be on consolidating threat defence.
The other part is OT (operational technology) security, such as medical devices and SCADA systems. These don’t communicate via TCP/IP, but they are still vulnerable to attacks. Therefore, they require specialised cybersecurity technology. At Trend Micro, we’ve established a subsidiary, TXOne, specialising in smart technology and smart factories. We also have VicOne, focusing on electronic vehicle security, and CTOne, which specialises in 5G security. So how do you secure a radio wave communication channel?
For OT security, you need to have a specialised design for it. For instance, with VicOne, we work with car manufacturers to integrate security features directly into vehicles. It is impossible to ask car drivers to install security devices themselves – these are totally different ecosystems. That’s why I see IT security moving towards consolidation, whereas OT security is still in its early stages, and we need to be designing specialised solutions for those.