The second edition of the Security Barcamp organized by Trend Micro proves to be a very interesting meeting about IT related topics, both on a worldwide and on a more Italian-focused scale.

TM logo newtag stack 4c

Rik Ferguson, Trend Micro Vice-President, was the special guest of the event and, in an extended speech, he spoke about the three main threats in the IT field of the moment and which will be in the future.
The most important threat is ransomware for sure. The phenomenon boomed in 2015 and experienced a 400% growth in terms of attack typologies and available families during the following year. The new trend is to refine and improve the attacking techniques with a particular focus on selected business targets (whose data have an important value and can justify the payment of the ransom) and social engineering, which is at the basis of these attacks.

The second macro-area is about data breaches of company email accounts (in particularly managers and C-level executives), whose aim is to take control of internal communications, learn about confidential mechanisms and so on, and use such information for attacks and financial frauds.

Lastly, the third area with a significant growth rate is about so-called Exploit Kits, which are software tools used to craft Web attacks of different typologies. Similarly to ransomware, a themed dark market exists and is composed by developers -who develop malware- and clients -who pay for ready-to-use malware. Furthermore, Gastone Nencini (Italy Country Manager) added that there are even ‘companies’ specialized in offering malware and ransomware in a SaaS (Software as a Service) format.

Rik Ferguson then gave us an interesting cue about the relation between IT security and the new VR and ER (Virtual Reality and Enhanced Reality) and machine learning related technologies: a potential attacker can place himself between the user and his vision of the world -both real and virtual- and even influence the learning modalities of machines, so that he can lead to the choice of controversial decision.

The speeches by Gastone Nencini and Paolo Lezzi (InTheCyber CEO) dealt with the Italian situation with a focus on threats and how companies in our country would react in such cases.
With the help of real examples, Paolo Lezzi stated once more how so often the IT security budget is seen as a simple operational cost and not as an investment, which is quite unfortunate. He then highlighted the importance of being aware of the use of company tools, where training, maintenance and simulation/analysis of IT-related risks (ie penetration testing) are an important part of the game.

Both Rik Ferguson (international context) and Gastone Nencini and Paolo Lezzi (Italian context) agree in identifying the weakest and critical point of a IT security chain in the human factor, for it is the object of social engineering. Despite IT tools being more efficient and improved, the user is the underlying element of systems vulnerability, which can only be stemmed by means of a proper culture in terms of digital security and (own) identity in a company, home and scholar environment. Similarly, the approach to IT security problems mustn’t be limited to the consequential management of an emergence: it must become a structured routine.

About the Author

Lorenzo Bedin

Lorenzo graduated in Telecommunication Engineering and works as freelance IT consultant, after a period of training as systems analyst. Currently he provides hardware solutions, virtualized infrastructures and websites.

banner eng

fb icon evo twitter icon evo

Word of the Day

The term Edge Computing refers, when used in the cloud-based infrastructure sphere, the set of devices and technologies that allows...

>

The acronym SoC (System on Chip) describes particular integrated circuit that contain a whole system inside a single physical chip:...

>

The acronym PtP (Point-to-Point) indicates point-to-point radio links realized with wireless technologies. Differently, PtMP links connects a single source to...

>

Hold Down Timer is a technique used by network routers. When a node receives notification that another router is offline...

>

In the field of Information Technology, the term piggybacking refers to situations where an unauthorized third party gains access to...

>
Read also the others...

Download of the Day

Netcat

Netcat is a command line tool that can be used in both Linux and Windows environments, capable of...

>

Fiddler

Fiddler is a proxy server that can run locally to allow application debugging and control of data in...

>

Adapter Watch

Adapter Watch is a tool that shows a complete and detailed report about network cards. Download it here.

>

DNS DataView

DNS DataView is a graphical-interface software to perform DNS lookup queries from your PC using system-defined DNS, or...

>

SolarWinds Traceroute NG

SolarWinds Traceroute NG is a command line tool to perform advanced traceroute in Windows environment, compared to the...

>
All Download...

Issues Archive

  • GURU advisor: issue 18 - April 2018

    GURU advisor: issue 18 - April 2018

  • GURU advisor: issue 17 - January 2018

    GURU advisor: issue 17 - January 2018

  • GURU advisor: issue 16 - october 2017

    GURU advisor: issue 16 - october 2017

  • GURU advisor: issue 15 - July 2017

    GURU advisor: issue 15 - July 2017

  • GURU advisor: issue 14 - May 2017

    GURU advisor: issue 14 - May 2017

  • GURU advisor: issue 13 - March 2017

    GURU advisor: issue 13 - March 2017

  • GURU advisor: issue 12 -  January 2017

    GURU advisor: issue 12 - January 2017

  • GURU advisor: issue 11 -  October 2016

    GURU advisor: issue 11 - October 2016

  • 1
  • 2
  • 3
  • BYOD: your devices for your firm

    The quick evolution of informatics and technologies, together with the crisis that mined financial mines, has brought to a tendency inversion: users that prefer to work with their own devices as they’re often more advanced and modern than those the companies would provide. Read More
  • A switch for datacenters: Quanta LB4M

    You don’t always have to invest thousands of euros to build an enterprise-level networking: here’s our test of the Quanta LB4M switch Read More
  • Mobile World Congress in Barcelona

    GURU advisor will be at the Mobile World Congress in Barcelona from February 22nd to 25th 2016!

    MWC is one of the biggest conventions about the worldwide mobile market, we'll be present for the whole event and we'll keep you posted with news and previews from the congress.

    Read More
  • 1