HP Innovation Journal Special Edition: Security | Page 6

H P S E C U R IT Y I N N OVAT I O N In order to stay ahead of attackers, we need to always be on the lookout for emerging and future trends in the threat landscape. To this end, we recently announced a new HP Security Advisory Board, a trio of outside experts with unique firsthand expertise in the world of hacking and the latest developments in security technology and strategies. In fact, business leaders, well-versed in this negative narrative, will spend more than $90 billion 4 on security in 2018 alone to protect their organizations. In this escalating threat landscape, endpoint devices are on the frontline. From healthcare to manufacturing, from transportation to the home, from agriculture to critical utility infrastructures, endpoint devices are the first line of defense or vulnerability for the data and resources we care about. They are the interface between the physical and digital world, and a prime target for cyber-attacks today, and likely will be for years to come. One example of the worsening threat landscape: we have been seeing a rise in firmware attacks, which are attacks on the software embedded in hardware that can provide an attacker with control over an entire system and which are undetectable by any security software. Even more worrisome, we are seeing an accelerat- ing trend in destructive attacks that target low-level firmware to disable hardware devices and render them inoperable on a large scale. This is key to understand, as attacker motivations should also drive how we think about defensive strategies. For example, the perpetrators of the biggest attacks of the last year were not just going after information, theft or ransom. They also sought to wreak destructive havoc on infrastructure. Worse still, 5 they sometimes succeeded in both efforts. Last year’s suite of so-called ransomware attacks, from WannaCry to NotPetya, were clearly aiming to cause destruction over financial extortion. Most important these attacks created a lot of “collateral damage,” hitting organizations indiscriminately, making them truly destructive at scale. To address this degrading threat environment, and new styles of attacks and attacker motivations, HP has been leading the industry in designing systems and devices with security built-in from the hardware up, to help protect, detect and remediate attacks, with mini- mal interruption to users. We call this “design for cyber-resilience:” designing hardware-enforced security from the lowest level of firm- ware of an endpoint device and working up through the software stack and even management solutions. Design for cyber-resilience is meant to ensure that devices are not only built with protections but that they can reliably detect suc- cessful attacks and recover from them. This is the approach that we have been developing at HP Labs, which is guid- ing us in the design of our business devices, from PCs to printers. The strategy is to not only offer state-of-the-art protections built in from the hardware up, but to include hardware-enforced detection capabilities, and the ability to recover to a good state when successful attacks occur.