Securing the endpoint from dangerous cyber threats – In the Boardroom

Why is HP raising awareness about PC and printer security? What advice would you give to businesses as regards protecting these devices?

We continually try to raise awareness about security. It’s not new, but it seems new because historically, before Hewlett Packard Enterprise and HP split, most of the people who wanted to hear about security were systems administrators managing servers, storage and networking – that’s where a lot of the threats were coming in.

In the past couple of years, the threat and the breaches on servers and networks have actually declined. But where breaches have dramatically increased is on endpoint devices: anything that connects to a network or server such as a notebook, desktop, tablet or smartphone. So, we thought it was time to talk about something we had been doing for a number of years – two decades in fact.

>See also: Time is money – efficiently securing your company’s endpoints

What can be done about securing endpoint devices?

71% of breaches today originate from endpoint devices. If you’re talking about printers, for example, you can talk about making sure the documents being sent are secure. We secure documents and we secure data.

Printers today have hard drives, keyboards and screens; they’re basically computers. So on our printers and PCs we secure the data both as it sits there in a steady state and as it is transferred between devices through USB ports. That is not something everyone in our industry does.

We do IV protection, which is pretty standard. But the one key area we really focus on – and we’re trying to bring it to light so that people understand what we do – is a BIOS level, a firmware-level security, which nobody actually has, either on print or PC at the moment. I’m sure that will follow at some point.

Now in its third generation, what it does is detect a threat and actually self-heal the system. In the first generation, however, this would only happen when the PC was turned on. Now I’m mobile, I come in on Monday and I turn my computer on and leave it on hibernate.

>See also: Controlling endpoints to secure SMEs against increasing threats

The first generation system would only let me know something was wrong once I turned it off and back on again, which could be a week later – that is not good enough. Now, with gen three, we’ve got run time protection on it, so at any second that I am breached, it will detect that and override the BIOS to the last good-state BIOS that’s in there, and it will do it without me knowing.

It will obviously ask me for a reboot, but this is the difference between cyber protection and cyber resilience. Protection is one thing, but I think if you’re smart enough, you’re going to realise that you’re not going to be 100% protected. At your house, you can have man alarm, and bars and locks on the doors and windows, but at some point, if there’s something worth stealing, somebody will get in.

The issue now is once they’re in how quickly you can throw them out, and how quickly you can secure your data and information. This firmware is not only about protection, but it also cleans and restarts. So, the resilience part is what’s critical and what we are working on in security. It’s something that no competitors on print or on PC have at the moment.

Nick Lazaridis, EMEA president of HP Inc
Nick Lazaridis, EMEA president of HP Inc

How important will it be for competitors to adopt security programmes like this as data protection laws become more stringent?

Our view is that it is absolutely critical. I’m no expert on GDPR at the moment, but I know it is coming in next May. The scary bit is that fines will equate to 4% of global revenue, so a firm that generates $1 billion of revenue would be susceptible to a $40 million fine.

At this point, things start to get a little bit wild for a lot of companies that in the past haven’t really considered security as an issue. We’ve been shocked when we’ve gone out and spoken to some large organisations that have not engaged with anyone on security, but they are coming round now.

>See also: Micro-virtualisation redefines endpoint security

I think it is critical that we do it. We see ourselves as innovation leaders in industry. We’ve been around for 75 years, and we’ve innovated in both print and PC. We see ourselves as custodians of this industry on security, and competitors will follow.

Competition isn’t a bad thing – we want to compete on a fair and level playing field – but we need everyone in the industry to wake up and understand how critical security is moving forward. Things like GDPR are going to force people’s arms into taking action, because if not then there are serious privacy and financial implications.

So will competitors do the same thing?

I don’t know; everyone has a different implementation. The fact remains that, technologically, the safest place to start the security is at the BIOS in the firmware level. If you can get below that as a hacker, you can control the operating systems. You can control the whole PC. So as a company we have to make sure that we offer firmware and BIOS-level device protection. We’re a device company so we have to do it.

What has HP Labs predicted to be the most invasive future cyber threats to endpoint devices?

The Lab’s view is that threats are just going to keep getting larger. And it’s not just our lab. A lot of the analysts that we speak to on security have said the same thing. Cyber security breaches last year probably cost nearly half a trillion dollars around the world, and they’re predicted to run into the trillions. It is only going to get worse, and there’s no hiding. You can go bury your head in the sand or you can get on the bus and do something.

>See also: Mistakes that lead to loss of corporate data in the cloud

Our Labs team looks at what we do today, and a lot of what we do today comes out of the Labs, so our HP SureStart is the BIOS protection. We’ve also got privacy screen technology built into a number of our enterprise products, which we call SureView.

We’ve got things like SureClick, which we worked on with a company called Bromium and uses virtualisation-based security. Again, we’ve got from the BIOS level up through the software level to protecting ports.

In the future, the challenge becomes more daunting because today is PCs, notebooks, desktops, smartphones and wearables, and tomorrow becomes implantables and autonomous cars. Today, you could probably hack into my machine at home if I hadn’t protected it and you could steal my data, but that’s about it.

In the future, if you break into someone’s pacemaker or car and cause an accident, you’re talking about playing with people’s lives. So as we go down the path of innovating and designing, when we focus on R&D in the Labs the main focus is security. There’s a whole room of people working on future security.

We also focus on 3D printing, which is something we have embraced and are driving quite aggressively as a new industry. And the third pillar is really immersive and ambient computing – the future of walking into your home in a truly immersive and personalised setting. This level is already there, but will probably take 15 to 20 years before it is fully commercialised. But we’re already looking at how we secure things like that, because that’s when hackers can start messing with your personal life. That’s what the Labs guys are working on right now.

>Se also: The cyber threat landscape is looking more and more dangerous

What impact might HP’s venture into 3D printing and this technology have?

Talking to experts, some say 3D printing is an $8 billion-a-year industry; others say it is $30 billion-a-year. No one really knows, because it is an industry that is in the process of being created.

What we do know, and what we expect to happen, is that 3D printing will transform and disrupt the entire manufacturing industry. The global manufacturing industry is worth about $12 trillion a year, so the stakes are high.

The current industry has a whole supply chain, which takes a long time and is quite costly. In the future, companies will be able to 3D print whatever they want in their back office or at service bureaus – much like photocopying. This is what we like to call the democratisation of manufacturing.

>See also: The cyber security industry: on the front line

Anybody, anywhere can become a design expert and will be able to print anything at any point in time. We’ve already started shipping 3D printers – our first range. Examples of who they’ve gone to are BMW and Nike.

Nike is talking about 3D scanning your feet so that the company knows the 3D dimensions in fitting your shoe. In the near future, shoes will be tailored like a suit. In fact, they’re doing this already. BMW wants to use 3D technology to print hubcaps, instead of shipping them in from all over.

The most dramatic change will be seen in the logistics and supply chain of manufacturing. 3D printing will change not just manufacturing but how the world creates and consumes almost anything.

Today, you can print basic plastics and metals, but in the future there’ll be all kinds of different materials you can print with. You can build sensors into the things you print, and then everything will have an IP address. You then come back to how you can secure that – it all ties in together.

 

The UK’s largest conference for tech leadership, Tech Leaders Summit, returns on 14 September with 40+ top execs signed up to speak about the challenges and opportunities surrounding the most disruptive innovations facing the enterprise today. Secure your place at this prestigious summit by registering here

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...