Trend Micro Incorporated - Experts & Thought Leaders

Trend Micro Incorporated, a global cybersecurity pioneer, revealed a continued annual decline in its Cyber Risk Index (CRI) score. The figure stood at an average of 38.4 for the year, down by 6.2 points from 2023. The data shows a clear trend that organisations leveraging proactive security approaches are seeing measurable risk reduction.  Proactive security with AI Rachel Jin, chief enterprise platform officer at Trend Micro: “Trend customers are embracing our vision for proactive security by using the AI-powered Trend Vision OneTM  Cyber Risk Exposure Management to identify risk and prioritise mitigations.”  “By getting on the front foot, they can build resilience, rapidly contain threats, and become more time and resource-efficient. It’s an approach that any organisation can emulate with the right mindset and tooling.”  CRI score declined CRI score declined from 42.5 in February to 36.3 in DecemberThe CRI score declined each month throughout the year, from 42.5 in February to 36.3 in December. While organisations remain in the Medium Risk zone, the continued decline in CRI scores reflects real progress in cyber risk reduction.  It highlights a growing shift toward continuous security assessment and risk-based decision-making.   Yearly report highlight Among the highlights from this year’s report are:  The report highlighted AI-assisted deepfake phishing, virtual kidnapping scams, and automated reconnaissance as key emerging AI threats Most risky events Risky cloud app access came top, followed by “stale Microsoft Entra ID account.” Rounding out the top 10 were email, user account and credential-related risks; many of them misconfiguration-related. Over one billion organisations were logged with multi-factor authentication disabled on Entra ID Accounts, highlighting a clear need for enhanced, automated identity security.   Average Mean Time to Patch (MTTP) The top detected and unpatched CVEs from 2024 were “high severity” Elevation of Privilege (EoP) vulnerabilities published in the first half of the year. Europe (23.5 days) and Japan (27.5 days) recorded the fastest MTTP of any region, while non-profits (19 days) and the technology sector (22 days) were the fastest verticals. Healthcare (41.5 days) and telecoms (38 days) were slowest. Trend offers virtual patches to protect customers on average three months before official vendor updates.  Industry breakdown Education, agriculture and construction had the highest CRI in 2024, singling them out as the most exposed sectors.  Regional breakdown Europe was the most improved region, recording a seven-point CRI reduction—possible as a result of regulatory pressure from NIS2 and DORA. The Americas and AMEA have room to improve, while Japan maintained the lowest average (34.3).  Ransomware LockBit, RansomHub, and Play ransomware were responsible for the highest number of reported breaches in 2024. According to Trend research, organisations with a CRI above average are around 12 times more likely to suffer a ransomware breach than those below average.   AI The report highlighted AI-assisted deepfake phishing, virtual kidnapping scams, and automated reconnaissance as key emerging AI threats. However, AI can also empower network defenders to better predict and prevent cyberattacks, such as via the industry-first security LLM Trend Cybertron.  Proactive steps for security Trend urges global organisations to embrace a proactive security approach  To further lower their CRI, Trend urges global organisations to embrace a proactive security approach by: Optimising security settings to maximise product features and get alerts on misconfigurations, vulnerabilities, and other risks. And leveraging native sensors/third-party sources to build a comprehensive view of the attack surface. Contacting the device and/or account owner when a risky event has been detected to verify and investigate using the Vision One Workbench search function.   Inventorying stale accounts to delete inactive and unused ones, disabling risky accounts, resetting passwords with strong credentials, and enabling multi-factor authentication (MFA).   Applying the latest patches or upgrading application/OS versions regularly.  Assessing cyber risk effectively Trend Vision One Cyber Risk Exposure Management uses its risk event catalogue to formulate a risk score for each asset type and an index score for organisations.  It does this by multiplying an asset’s attack, exposure, and security configuration by asset criticality. The result is an integer between zero and 100 that falls into one of three levels: Low Risk (0-30), Medium Risk (31-69) and High Risk (70-100).

SecuX, a blockchain security and cryptocurrency hardware wallet company, has announced its collaboration with Trend Micro, a global cybersecurity major firm, launching W20 Trend Micro edition cold wallet pre-loaded with Trend Micro ChainSafer blockchain reputation service. The W20 offers users comprehensive protection covering Web2 and Web3, enhancing authentication, anti-counterfeiting, and anti-fraud capabilities.  Users of the SecuX W20 Trend Micro edition cold wallet can enjoy one year of free ChainSafer security protection provided by Trend. By mitigating the risks associated with scams and security gaps in cryptocurrency and NFT transactions, users can more securely manage digital assets stored in Web3. The recently launched SecuX Nifty-X NFT cold wallet also comes with a free one-year ChainSafer premium service. Cryptocurrency trading risks continue to rise SecuX Technology has steadfastly committed to protecting users' digital assets in increasingly complex and volatile cryptocurrency trading. While full of potential, the market has witnessed a surge in illicit activities, including a staggering $100 million worth of NFTs stolen between July 2021 and 2022. Recognising these rising threats, SecuX has focussed on enhancing security and protection at all levels, pioneering the charge in developing blockchain security products and services. Author's quote SecuX has always prioritised security, striving to enhance protection and safety at all levels" Peter Chen, Chairman of SecuX Technology, addressed this commitment: "SecuX has always prioritised security, striving to enhance protection and safety at all levels, ensuring the development of the highest quality blockchain security products and services." He adds, "We are honoured to have the opportunity to leverage Trend's outstanding cybersecurity expertise built over the past 30 years, allowing SecuX users to manage their assets with peace of mind in a more secure environment and without worries, ultimately providing a better user experience." Phishing scams prevention and cold wallets Trend's global footprint and expertise in cybersecurity is a perfect ally for SecuX's emphasis on user security. Trend's Metaverse security program, led by Sam Ku, is designed to protect users against threats, particularly in the emerging Web3 environment. Sam underscores the evolving risks from viruses, fraud, and phishing, which threat actors continually exploit. Ku said, "From the inception of blockchain technology to the recent rise of the metaverse, Trend has been at the forefront of cybersecurity research to prepare for unforeseeable risks. We are excited to collaborate with SecuX. With Trend's cybersecurity expertise, we provide end-to-end protection from the first line of defense to securing cold wallet devices and safe-guarding cryptocurrency transactions."  Leveraging SecuX's unwavering commitment to secure digital asset management and Trend's cybersecurity expertise, this collaboration promises a safer future for users within the cryptocurrency space.  W20 Trend Micro edition hardware wallet W20 wallet comes with Trend Micro's exclusive ChainSafer blockchain credibility rating service Trend Micro ChainSafer Blockchain Reputation Service + Easy to Use Cold Wallet: Protecting Digital Assets Has Never Been Easier! SecuX and Trend Micro have collaborated to launch the W20 Trend Micro edition hardware wallet, focussing on providing users with enhanced security features. The W20 wallet comes with Trend Micro's exclusive ChainSafer blockchain credibility rating service, offering improved anti-counterfeiting and anti-fraud capabilities for Web2 and Web3 authentication. The wallet incorporates security features to eliminate security risks and human errors, such as storing the private key offline in an Infineon Secure Element chip, a large 2.8-inch touchscreen enabling hands-on clear-sign, and cross-chain support for over 10,000 cryptocurrencies and Ethereum NFTs. Compatible with existing antivirus software, the wallet offers an extra layer of protection. Trend Micro's ChainSafer blockchain reputation service W20 users will receive one year of free Trend Micro ChainSafer blockchain reputation service protection, while users of other SecuX wallets can download it for a fee. The two companies also plan to offer scam-alert services to users of the recently launched SecuX Nifty-X, the premium metallic edition of the world's first NFT hardware wallet, as well as the security-themed soulbound NFT project MnemonicX 2048. The W20 hardware wallet, powered by Trend Micro's ChainSafer blockchain reputation service, acts as a comprehensive antivirus engine for digital assets like cryptocurrencies, NFTs, and wallets. Trend also plans to introduce the ChainSafer browser, designed to block phishing websites, detect malicious sites or scam links, and display warning windows when users connect to websites, further enhancing cryptocurrency transaction security.

The Delta Electronics (Thailand) PCL new Plant 7 in Wellgrow Industrial Estate, Chachoengsao received the LEED (Leadership in Energy and Environmental Design) Gold certification in the New Construction category from the United States Green Building Council (USGBC). The certifications categories include Sustainable Sites, Energy & Atmosphere, Materials and Resources, Indoor Environmental Quality, Water Efficiency, Innovation in design, and Regional Priority Credit. For this green building, VIVOTEK specifically designed a comprehensive and scalable smart Industrial IP surveillance solution including cameras, POE switches, and a video management system to ensure employee and customer safety with layered 24/7 TrendMicro cybersecurity protection. Industrial surveillance system The new Delta Thailand Plant 7 green building is equipped with an advanced energy-efficient HVAC system, and building automation system and requires 24/7 security of the facility perimeter, resources, utilities, materials, infrastructures, and classified information to ensure employee and visitor safety. VIVOTEK team designed a total industrial surveillance system with comprehensive securityVIVOTEK team designed a total industrial surveillance system with comprehensive external and internal security to enhance employee and customer safety. This system includes security for the facility’s perimeter including fences, lights, and gates, secure data privacy, and critical infrastructures. Last but not least, user privacy is protected in the entire surveillance system. Comprehensive total solution VIVOTEK designed a total solution including IP cameras, NVRs, POE switches, and the VAST 2 VMS. The system has over 178 units of smart IP surveillance cameras including 5MP IB9387-HT Indoor/Outdoor Varifocal Bullet cameras, 5MP FD9187-HT Indoor Varifocal Fixed Dome cameras, 5MP FE9380-HV Indoor/Outdoor 360° Fisheyes. In addition, the system has POE switches, Outdoor POE cabinet switches as well as the VAST 2 VMS. VIVOTEK VAST 2 IP video management software meets the real-world needs of DET 7 Plant by providing easy operation on multiple monitors with Matrix Video Wall software and a custom layout to accommodate both corridor and panorama orientations. In cases of cybersecurity attacks, operators can execute rapid export of multi-channel videos from VIVOTEK cameras and NVRs substations. Efficient video management Cybersecurity attacks can be searched and replayed with the Event Search function Cybersecurity attacks can be searched and replayed with the Event Search function and be set as triggers in the Alarm Management function. In addition, Smart Search II allows users to search for specific objects or person-related videos. It also provides the option to draw a custom zone into focus in any critical area. Utilising automatic configuration wizards, VAST 2 can significantly reduce the time and cost of installing multiple camera surveillance systems. For efficient video management, VAST 2 also provides multi-layered, interactive 2.5D maps with sophisticated alarm management for full synergy in the Delta Plant 7 security management. Furthermore, VAST 2 is scalable for future add-on solutions including failover protection, IP Audio Network solution, TCP, and Data Magnet integration solutions. Cybersecurity on the edge As digitalisation advances, increased integration and convergence of Information Technology and Operational Technology makes assets vulnerable to cyber security incidents and attacks. VIVOTEK drives industry best practices in order to reduce security vulnerabilities in their products and solutions. TrendMicro, to provide network cameras with Trend Micro's anti-intrusion software VIVOTEK collaborated with cybersecurity software partner, TrendMicro, to provide network cameras with Trend Micro's anti-intrusion software. VIVOTEK’s cybersecurity solution meets industry protocols and constantly provides solid shields to increase protection from various cyberattacks. VIVOTEK brings high-security protection and robust network surveillance to ensure a safer network environment for Delta Plant 7. Resource optimisation solution VIVOTEK Smart Stream III enables cameras to optimise quality for desired regions and automatically adjust encoding, maximising bandwidth usage efficiency and lowering storage requirements while maintaining high image quality. It reduces bandwidth and storage consumption by up to 90% compared to H.264 and optimises resources effectively. As a global ESG pioneer and green building advocate, the new Delta Thailand Plant 7 is not only a remarkably efficient green building, but it is secure as well. By choosing customised VIVOTEK's surveillance total solution, Delta Plant 7 achieves both security and sustainability at a world-class level. With the brand spirit ‘Care - Concern for Others’, VIVOTEK collaborates with Delta Thailand and successfully provides a thorough IP surveillance solution to Plant 7 to achieve the next level of sustainability that benefits all occupants.

In the ever-evolving struggle between cyber offence and defence, attackers have almost always moved first. In the emerging domain of artificial intelligence, this pattern appears to be repeating itself. Yet, global cybersecurity pioneers appear disconcertingly disengaged. Just over half even agree that AI-driven attacks are set to become dramatically more complex and widespread. Equally concerning is the widespread apathy regarding AI’s role in expanding an already sprawling corporate attack surface. This is no small oversight. A recent global Trend Micro study showed that 73 percent of organisations have already suffered cybersecurity incidents due to unknown or unmanaged assets. In an era where digital blind spots are both common and consequential, hesitation is a risk few can afford. Security has to shift from reactive protection to proactive risk exposure management. The opportunity and the risk of AI Threat actors are now using jailbroken versions of legitimate generative AI tools such as ChatGPT The potential for AI to transform enterprise operations is enormous, but so is the risk. The warnings have been loud and clear. As early as the first quarter of 2024, the UK’s National Cyber Security Centre (NCSC) stated that AI would “almost certainly increase the volume and heighten the impact of cyber-attacks over the next two years.” Their prediction is proving accurate. Threat actors are now using jailbroken versions of legitimate generative AI tools such as ChatGPT, freely traded as services on the dark web, as well as malicious models like FraudGPT, built on open-source large language models (LLMs). These tools are no longer just about automating tasks; they are turbocharging the entire attack lifecycle. From more convincing phishing emails and precise target selection, to sophisticated malware creation and lateral movement within breached systems, AI is driving a step-change in threat actor capability. Integrating open-source models However, this is only one side of the coin. The other, often overlooked, is AI’s impact on the corporate attack surface. Even well-meaning employees can unintentionally expand organisational risk. The widespread use of AI-as-a-service tools like ChatGPT introduces significant shadow IT concerns, especially when sensitive business information is input without proper oversight. Data processing and storage practices for many of these services remain opaque, raising additional compliance concerns under regulations like the UK GDPR and the EU’s AI Act. For those organisations that choose to build or customise their own LLMs, the risks multiply. Integrating open-source models may expose businesses to vulnerabilities, misconfigurations and flawed dependencies. Each new tool and environment adds to the complexity of an attack surface already strained by remote work setups, sprawling cloud deployments, IoT ecosystems, and accelerating digital transformation programmes. Managing the expanding risk landscape Many have already shared security incidents where a lack of asset visibility was the root cause Many security pioneers do understand what is at stake. Nine in ten agree that effective attack surface management is tied directly to business risk. They cite a long list of potential consequences, disruptions to operations, reputational damage, declining competitiveness, strained supplier relationships, financial losses and reduced staff productivity. Many have already experienced security incidents where a lack of asset visibility was the root cause. Despite this recognition, however, the response remains largely inadequate. Fewer than half of global organisations use dedicated tools to monitor their attack surface proactively. On average, only a quarter of cybersecurity budgets are allocated to managing cyber risk exposure. Third-party risk management is similarly neglected: fewer than half of firms actively monitor their vendors for vulnerabilities. This inertia creates an obvious contradiction. Security pioneers understand the business implications of unmanaged risk, but they are not equipping themselves with the tools or processes to respond. That needs to change—and fast. How AI can help defenders take the lead There is good news: AI is not only a weapon for cybercriminals. It can also be a powerful ally for defenders, particularly in the field of Cyber Risk Exposure Management (CREM). The best tools in this category use AI to continuously scan an organisation’s entire digital footprint. They can automatically detect vulnerabilities, spot misconfigurations, identify rogue or shadow assets, and provide prioritised remediation recommendations. CREM platforms apply contextual filtering to reduce false positives and elevate the most urgent threats Intelligent algorithms can also analyse network behaviour to identify anomalies that could signal a breach in progress. Unlike traditional tools, which often drown analysts in noise, CREM platforms apply contextual filtering to reduce false positives and elevate the most urgent threats. For overburdened security teams, this enables a far more focused and effective response. However, the keyword here is “continuous.” The nature of today’s IT environments, especially in the cloud, is dynamic and fast-moving. Assets appear and disappear within minutes. Static, point-in-time assessments are no longer sufficient. Yet more than half of organisations still lack continuous scanning processes. This leaves them exposed to risks that might persist undetected for weeks or months. Overcoming barriers to adoption So what is holding organisations back? In many cases, it’s not the technology itself but the internal politics of investment. Security pioneers interested in CREM tools often prioritise real-time alerting, clear dashboards, and seamless integration with their existing environments. All of this is now achievable. The challenge lies in securing board-level support. Many security teams still work in silos, disconnected from the broader business Boards are often cautious when it comes to cybersecurity investment, particularly when immediate ROI is not clear. To gain their trust, security pioneers must learn to speak the language of business risk, not technical threat. They must frame cyber exposure in terms of reputational impact, regulatory liability, operational continuity, and investor confidence. There is also a cultural component. Many security teams still work in silos, disconnected from the broader business. This limits their influence and makes it harder to embed security as a strategic enabler. In the AI era, this divide must be bridged. Cybersecurity must become a board-level concern, and risk exposure must be treated as a fundamental operational issue. Time to act We are at a critical inflection point. The AI revolution is not on the horizon, it is already here. Threat actors are moving rapidly to exploit it, leveraging tools and techniques that were unthinkable just a few years ago. Meanwhile, organisations remain slow to respond. Too few are investing in the tools, processes, and people needed to manage their risk exposure effectively. AI can be used not only to attack but to defend. CREM tools powered by AI offer a powerful way to regain visibility, restore control, and build lasting resilience. They enable proactive rather than reactive security. And they help organisations align their cybersecurity strategy with their broader business objectives. Security teams have to elevate the conversation. They must advocate not just for new tools, but for a new mindset, one that treats cyber risk as an enterprise risk, and one that prioritises continuous visibility as a prerequisite for resilience.

Data was always bound to be a hot topic at this year's IFSEC International event. Artificial Intelligence (AI) has been a buzzword since last year's show. This year, manufacturers are ready to demonstrate solutions capable of processing and analysing large volumes of information to bolster security and provide business intelligence. Organisers deliberately positioned IFSEC as a converged security event, highlighting the inherent link between the security of physical assets and the security of data. In the wake of the recent passing of the European General Data Protection Regulation (GDPR), visitors to the London-based show sought reassurance that physical security systems could help them comply to stricter rules regarding the collection and protection of personal information. Analysing Big Data Seagate Technology, known for providing the surveillance industry with hard disk drives and storage solutions, showcased its Skyhawk AI hard disk drive, its first drive created specifically to enable artificial intelligence (AI) applications for video surveillance. Seagate's drive is designed for data-intensive workloads associated with recording large volumes of footage The drive is designed for data-intensive workloads associated with recording and analysing large volumes of video surveillance footage. According to Seagate's Sales Manager Andy Palmer, AI-enabled analytics at the edge can avoid the latency associated with cloud-based systems. This makes the solution suitable for smart city applications requiring 24/7 intelligence from multiple cameras.  The company also highlighted its strategic partnership with video surveillance provider Dahua Technology, with the latter seeking to leverage Seagate's technology to boost its own AI solutions. The Digital Barriers solution allows organisations to optimise how video data is transmitted depending on their particular needs Video transmission and privacy One manufacturer addressing the challenges of data transmission was Digital Barriers. The company demonstrated the integration of its EdgeVis Live platform with Milestone's XProtect video management system (VMS). The platform is designed for safe city applications, in which law enforcement and security professionals may need to stream incidents and events in real time over a limited bandwidth. The Digital Barriers solution allows organisations to optimise how video data is transmitted depending on their particular needs. For example, while some applications may favour a high clarity of video, others necessitate low data usage or a quick turnover of frames. The full, high quality video can then be downloaded later, meaning no intelligence is lost.While some applications may favour a high clarity of video, others necessitate low data usage or a quick turnover of frames The company also demonstrated its deep-learning facial recognition software, which can be used to identify suspects or vulnerable persons. To maximise accuracy, the deep learning system is trained on a wide range of images with varying angles and lighting. The solution is designed around data protection and privacy, explained Product Manager Fernande van Schelle, as all information is encrypted, and the system only identifies faces of known individuals on a pre-defined watch-list. Daniel Chau, Overseas Marketing Director at Dahua; Adam Brown, security Solutions Manager at Synopsys; Udo Scalla, Global Head Centre of Excellence - IOT Privacy, TÜV Rheinland Group GDPR for physical security professionals Dahua Technology addressed data protection concerns with an expert panel dedicated to the cybersecurity questions posed by the new European General Data Protection Regulation (GDPR). Speakers included Daniel Chau, Overseas Marketing Director at Dahua; and Adam Brown, security Solutions Manager at Synopsys. Chau explained that Dahua encourages customers to address cybersecurity by undertaking independent audits and penetration tests. Brown elaborated that for any organisation, cybersecurity must be a boardroom issue. Stakeholders must avoid a 'tick box' methodology for assessing cybersecurity, and instead integrate the concept into the company's overall strategy so that best practices can cascade through the organisation.Stakeholders must avoid a 'tick box' methodology for assessing cybersecurity  The panel also included insights from Udo Scalla, who specialises in data protection for IoT and smart home devices at TÜV Rhineland Group. Scalla proposed that manufacturers must avoid focusing on how best to capture data, and instead ask why the data is being collected, and whether it should even be collected in the first place. Integrators must ask why the customer intends to install the system, and what they want to do with the data – only then can they begin to assess the GDPR requirements. While the possibilities for collecting data are now endless, explained Scalla, not everything that is technologically possible ought to be made into a business reality. MOBOTIX highlighted its Cactus Concept cybersecurity campaign with a large blue cactus Protecting video surveillance systems Video surveillance manufacturer VIVOTEK also tackled cybersecurity, with a presentation on 'Security within Security.' The company showcased its partnership with cybersecurity software provider Trend Micro, which enables VIVOTEK to provide cybersecurity-enhanced cameras. The cameras include embedded anti-intrusion software to prevent and mitigate cyber-attacks by detecting hacking attempts and blocking the source IP address. Should a camera be compromised, explained Shengfu Cheng, VIVOTEK's Director of Marketing and Product Planning, it can be quarantined to stop the spread of the attack, thus controlling the damage and reducing the cost of the infection. The Cactus Concept campaign aims to educate partners and customers on how to build a cyber-secure video surveillance system Cybersecurity was also a key theme at the MOBOTIX stand. The stand played host to a large blue cactus, a very literal representation of the German manufacturer's Cactus Concept. The campaign, launched earlier this year, aims to educate partners and customers on how to build a cyber-secure video surveillance system. According to the concept, every element of the system, from image capture through to video management, must be encrypted. These are the digital "thorns" which prevent the entire system –the cactus – being compromised. Exhibitors at IFSEC 2018 made a conscious effort to address customers' challenges around the collection, transmission and protection of security system data. As solutions become more powerful, with increasing numbers of connected sensors, this is a theme which is unlikely to go away anytime soon.