Trend Micro’s Robert McArdle: ‘Assume you are already compromised’

26 Apr 2019


Robert McArdle. Image: Trend Micro


Trend Micro director Robert McArdle recommends the best security posture for enterprises at a time when machine learning can have massive implications for security.

Robert McArdle is director at Trend Micro and leads the company’s Forward-Looking Threat research team where he is involved in analysing the latest cybercrime threats. He specialises in researching the future threat landscape, open source intelligence and coordinating investigations with international law enforcement.

He also lectures in malware analysis and cybercrime investigations on MSc modules at Cork IT and University College Dublin.

McArdle will be delivering a keynote speech at the it@Cork annual Tech Summit, which is taking place in Cork City Hall on 9 May.

Tell me about your own role and responsibilities in driving tech strategy.

In essence, the team are the scouts for Trend Micro, researching where cybercrime and internet-connected technology will evolve to over the next one to three years, and advising the product teams so that Trend Micro can stay one step ahead of the criminals. We are also the main team for collaboration with law enforcement, and we have helped on several successful arrests of cybercriminal actors.

Are you spearheading any major product/IT initiatives you can tell us about?

My team is focused on the research side of our business, as opposed to our product development. Recently we have been concentrating in particular on the continually emerging risk of internet of things (IoT) and industrial IoT security.

How big is your team? Do you outsource where possible?

Our team is a global team of researchers spread across 14 countries. We do this to both have the best researchers we can anywhere in the world, but also to have a deeper understanding of the different variations of cybercrime attacks happening in each region. The impact of cybercrime can depend on geographic location – what affects somewhere like the US can be very different from what affects Brazil, for example.

What are your thoughts on digital transformation and how are you addressing it? What big tech trends do you believe are changing the world and your industry specifically?

I think both of these questions can be answered in one, as they are closely related in our field. Without a doubt, two of the biggest trends we see today are in IoT and machine learning. More of our lives and traditional devices are being connected or made ‘smart’ than ever before, but security is rarely anything but an afterthought in the design of these devices. That is opening up whole new avenues of attack and vulnerabilities in both organisations and in society in general. This is something we did not have to contend with in the past, but now we have realised that … crimes committed in the cyber world can have real and significant impact on the physical world.

On the other side, machine learning is an incredibly powerful technology that has massive implications for security and, unfortunately, also for undesirable offensive action. So far, it has mostly been deployed on the defensive side of security by companies like Trend Micro, but in the near future we would not be surprised to see more criminal uses of the technology, particularly if we don’t adopt the process and procedure to protect against it.

In terms of security, what are your thoughts on how we can better protect data?

There is no simple answer for this complex question because the answer will always be: ‘It depends.’ It depends on your organisation, your risk profile and the likely attackers who would target you – so there are few pieces of advice that are universally useful. Some things can help everyone, though.

  • Firstly, I would recommend people to properly assess what they are trying to protect. So often, I have seen organisations focus their efforts on protecting things that are not the critical part of their business
  • Secondly, you should then really assess what categories of attacker are likely to target your organisation, and plan your defences accordingly
  • And lastly, it is always a good idea to assume that you are already compromised, and to operate your networks with that thought firmly in mind

That last one may be depressing, and it’s not to say that having good security solutions in place will not defend you from attack – they absolutely will. But by proactively always looking for signs of compromise, you raise the grade on your security. So, it is important to have the leading tools to be able to monitor and discover that.


John Kennedy is an award-winning technology journalist who served as editor of Siliconrepublic.com for 17 years.
