From Pwn2Own and the Zero Day Initiative, to its work tracking APT groups, Trend Micro’s worldwide work in cybersecurity has few rivals. Leading the company is CEO Eva Chen, who has been with it since its founding in 1988.
Chen talks with CyberScoop about what she’s seen over the past year, and whether humans will ever be fully taken out of the security equation.
CyberScoop: What’s the biggest thing the cybersecurity industry has improved upon in the last 12 months?
Eva Chen: One big improvement that the industry made was admitting that prevention cannot be 100 percent of the approach, and that shifting focus to detection and incident responses was necessary. The adoption of the STIX/TAXII industry standard is another big improvement, as it enhances industry collaboration by extending the capabilities of threat intelligence sharing.
CS: What’s the one thing the greater community can improve upon?
EC: Respect of digital privacy and digital rights.
CS: There is so much new tech out there with the advent of the Internet of Things, yet we are still trying to secure so much of our legacy tech. Will we ever reach a balance where things are secure by design that they will stay secure five, 10 years into their use?
EC: It’s an important goal, but it’s difficult to achieve completely. Everything is designed by human beings, and mistakes or vulnerabilities in design are hard to completely avoid. While the overall IT industry should work to improve on secure design and secure coding, a system of mitigating the possible compromises must still be in place to account for human error.
CS: We talk so much about security by design and taking the human out of the equation. Do you think we are making progress there? What more could the cybersecurity community do to take away the error-prone human part of the equation?
EC: Humans use technology, and therefore, it is impossible to completely take humans out of the equation. Take phishing emails, for example. They are technically simple to make, and as long as receivers open the mail and believe the content, they’re very hard to prevent. Cybersecurity’s purpose is to protect users to create a safer digital world. It isn’t possible to completely remove human beings from the cybersecurity equation.