When HPE National Strategist Garth Reid says cybercrime is getting worse, not better, he’s not being alarmist; he’s being realistic.
“Our biggest hacks might still be ahead of us, which is scary,” he said during the ITWC webinar “Growing and Innovating at a Time of Rising Cybercrime” on August 21, 2018.
Tech Data Technology Consultant Robert LeRoy introduced a second point of concern: that hackers are casting a much wider net than ever before — going after even the most unlikely of targets.
“We see hackers going after big firms, but they’re also now going after the ‘little people,’” he said. As an example, he talked about the town of Wasaga Beach (Ontario), which recently suffered an attack in which its computers were infected with malware. “They spent a month trying to fix it, eventually paying out both to consultants and in bitcoin to the hackers themselves. The total cost was around $90,000.” As LeRoy noted, that figure doesn’t include lost employee productivity.
Unfortunately, the problem lies not just in the frequency of cyber-attacks or the fact that no company is invisible to hackers.
Danger below the line
“Security is about bulk data collection at the cloud, firewall, applications, and hypervisor/OS level, but it’s also about what’s going on below the line, at the level of stealth persistence disruption occurring in server firmware and supply chain and component sourcing,” said Reid. “This becomes a far more sophisticated play [than it otherwise would be].”
“This is about looking at a motherboard on a server and understanding that you brought this technology in. You have many different sets of integrated circuits performing different functions, from VGA to networking to baseboard controller. Many of these different pieces of componentry are flashable. Someone can open up the firmware, insert malicious code, close it back up, and then target that particular device at a specific time, or with some other trigger.”
One key to security, noted ITWC CIO Jim Love, is focusing on the stuff that perhaps isn’t obvious.
“It’s the hacker’s job to find those places people aren’t going into or thinking about,” he said. “They run a business, after all, and they want to find where those new opportunities are [and capitalize on them].”
“They’re going after the stuff on the edge,” LeRoy added, “but they’re also going after the firmware.”
Getting more visibility
Garth Reid, speaking on behalf of HPE, has a clear idea as to what IT security professionals need and are increasingly looking for.
“I’m going to understand that I take information from multiple sources,” he said, speaking from the perspective of an IT security professional. “I want to be able to see the ingress and egress — the flow of data and requests to and from SaaS providers, internet locations, web locations, et cetera, to understand what’s happening internally. I want to understand how I can take that information and become analytical about it.”
With intelligence and big data analytics, Reid continued, it is possible to get visibility into anomalies, and from there to quickly and completely shut down these abnormal flows of data, which often are in fact breaches in the making.
The HPE “security assurance” Reid presented involves the server, network, storage, and supply chain levels.
“The security layer is becoming a major point of exposure,” he said. “It has increased the attack surface, and hackers are suddenly able to get server access through many device points.” As Reid noted, HPE’s Gen10 ProLiant server solutions offer not only built-in protection at a silicon-anchored point of trust but also the ability to detect attacks, or stop them in their tracks, as well as the ability to recover fast if a hacker does manage to pull off a successful attack.