By Computerworld UK, Contributing Editor

The survival of today’s businesses will depend on their ability to manage the several powerful trends which are combining to significantly amplify cybersecurity risk.

The first is the number of employees who now work remotely, a shift dramatically accelerated by the global pandemic. As a 2021 survey for the HP Wolf Security report Blurred Lines and Blindspots revealed, four in ten employees expect to work from home either full time or part time, a model of working that brings with it new provisioning and management challenges for CISOs and security teams.

The second is digital transformation and industry 4.0, developments which offers huge economic opportunities in terms of manufacturing efficiency while increasing complexity in terms of emerging networks that might soon comprise billions of Operational Technology (OT) and Internet of Things (IoT) devices.  This dependence on digital developments and the growing complexity of integrated systems has meant that organisations are more vulnerable to attacks from outside.

Indeed, the third and most challenging trend of all is industrial cybercrime, a global phenomenon which has gone from being a theoretical concern to an everyday and potentially existential threat for even the largest and well-resourced businesses. This means that companies need to be more security-aware, as Dave Prezzano, managing director of HP UK and Ireland points out. “A more digital world doesn’t have to mean a more vulnerable world. But it does mean that we must be constantly flexible, proactive and reactive to ensure resilience in continually evolving digital environments.”

The combined effect of all these trends is an economic one: that can lead to an unsustainable rise in costs, particularly those generated by cybersecurity, which as the HP Wolf Security Blurred Lines and Blindspots report confirmed is now a major anxiety for IT decision makers.

Historically, cybercrime has proved itself remarkably innovative, motivated, and persistent, adept at spotting and exploiting weaknesses organisations don’t even know they have. Despite this, even now there is a tendency to assume the challenge it poses is transient. The growing list of victims of attacks such as ransomware extortion show this assumption is mistaken.

The pressure points are not hard to locate. The latest HP Wolf Security Threat Insights Report found that, globally, 75% of the threats isolated were delivered by email. In a period when the number of threats downloaded via web browser increased 24%, a third of threats were unknown by hash to anti-virus scanners at the point of detection.

None of these techniques are new but the risk they now pose has accelerated in ways that leaves CISOs and security teams in a state of permanent financial and technological struggle.

Endpoint weakness

The common theme in many cyberattacks is the compromise of the endpoint or the user accounts associated with it. Too often, these devices are either weakly defended, or in the case of printers, IoT and OT devices, often not defended at all. In other cases, risky assumptions are made about the ability of employees to work securely with sensitive data on remote or home networks.

As ransomware attacks demonstrate, once threat actors gain initial access to one system, they can infect fleets of devices within hours. Why does this timescale cause such problems for modern cybersecurity? The answer is usually because endpoint and user accounts are trusted implicitly, giving them access to deeper layers of the network prized by cybercriminals.

It is to address this concern HP developed HP Wolf Security, a suite of technologies which implement layered endpoint security through application isolation, in-memory breach detection, and firmware protection and oversight. The principle is in the worst case scenario a compromise can always be contained within an endpoint and local network segment with minimal access to sensitive data.

Without an endpoint defence model which protects every device, digital transformation and remote working’s immense potential will lead only to weakness, vulnerability, and inevitable compromise. “Endpoint security is more vital than ever before as the first line of defence’ says Prezzano ‘and HP Wolf Security unifies all of HP’s endpoint security into one formidable force.”

For security teams, cyber-defence without upgrading endpoint security is a fool’s errand. In an age when the number of devices is set to expand, security teams need as many layers of defence as possible to contain a rise in threats that will not recede any time soon.

By Computerworld UK, Contributing Editor

Ransomware attacks are a threat to all businesses – and they’re increasing.

Within a fraction of a second of an employee clicking on a malicious attachment that wasn’t effectively scanned by email filtering, their computer is infected. With local files and network shares in peril it’s down to the anti-virus client to step in. If that layer fails, it’s game over – attackers are quick to use their unauthorised access to scope out the network, compromise important servers such as where back-ups are stored, then deploy ransomware to fleets of devices from inside the firewall.

By the time the ransom notes appear on screens, psychology takes over. Victims are in shock and want their networks back up and running. But only the criminals have the necessary keys as well as sensitive data they threaten to release. Any reluctance to pay results in a rising extortion demand.

It’s an extraordinary fact that after more than 30 years of PC security, many organisations seem no nearer to solving the endpoint security problems that fuel these attacks. This is despite a rising level of concern about defending endpoints, with a survey of IT decision makers (ITDMs) for the HP Wolf Security Blurred Lines and Blindspots report confirming that 91% see endpoint defence as an issue that is now as central as traditional network security.

A fundamental issue is that the attack surface presented by endpoints today is vast, including mobile and embedded devices, network printers, as well as the biggest prize of all, servers. A growing number of the latter offer privileged access, for example Remote Desktop Protocol (RDP), VPN access, and file transfer gateways.

When endpoint security fails, it often fails completely. Network monitoring might pick up the traffic created by malware but rarely quickly or accurately enough to stop its spread.

The new endpoint

Compounding this is the increased vulnerability of organisations forced to implement widespread remote working during the pandemic, a model that likely heralds more permanent change. This has created huge logistical problems for CISOs and security teams, not least the need to gain visibility on remote employees, who have been working outside companies’ perimeters and the accompanying security measures.

HP’s Wolf Security approaches this problem by re-designing endpoint security as a series of layers, starting with firmware protection, application isolation through micro- virtual machine technology, and in-memory threat detection. Endpoint security should never rely on one layer alone. If an anomaly is detected that endpoint should be isolated until the issue has been investigated, ideally using automated routines that can communicate with higher layers of network detection and response (NDR) alerting.

The principle here is layered containment and automated response, keeping unnecessary alerts to a minimum. Security is important but it can’t be implemented at the expense of network usability and efficiency.

Technology alone will not be enough for this new security model – the skills of the security team become paramount. Whether this expertise is in the corporate data centre, a dedicated Security Operations Centre (SOC), or provided by a managed security services provider (MSSP), this is the final layer of security on which good event and incident response rests.

Enhanced endpoint security metrics is critical to security professionals’ jobs because it gives them more data points on which to base their decisions. Far from endpoints being a weakness, in this vision each device becomes the smallest element of a functioning security nervous system.

By Computerworld UK, Contributing Editor

Within the space of a decade, the term zero trust (ZT) has gone from a term coined by Forrester analyst, John Kindervag, to a cybersecurity movement promoted by some as a way out of the unfolding economic disaster of unchecked cybercrime.

Zero trust is based on two simple observations. The first is that traditional perimeter security based on keeping attackers outside the firewall is doomed to failure because there are simply too many weaknesses and points of entry for this to be effective.

The second is that the fundamental cause of many cyberattacks is the dysfunctional way that trust operates in legacy cybersecurity. In this model, good security is about dividing users, devices, and connections into those which are trustworthy and those which are not. Some have access rights and privileges, and others don’t.

Zero trust security, by contrast, replaces this with the idea that nothing should automatically be trusted unless it has been carefully verified. Every user, device, and connection are a potential risk and should start from a position of zero trust.

Given that zero trust is a security model rather than a technology recommendation, how should organisations implement it?

In the approach adopted for HP Wolf Security, zero trust starts with the core of the security problem, namely the endpoint device. Typically, these are PCs, servers, and printers, but increasingly mobile devices, and a multitude of industrial operational technology (OT) and Internet of Things (IoT) equipment such as security cameras, in-car systems, and smart speakers.

In legacy security, devices are protected with security programs, while users are secured using rules and policies. There are difficulties, however, in maintaining a multiplicity of layers based on different security policies – especially as some of them are not interoperable.

We see the failures of this model in the way cybercriminals routinely target devices and user accounts as easy points of weakness through which to bypass perimeter security. As the HP Wolf Security Threat Insights Report for the first half of 2021 found, even privileged senior executives can be at risk, with campaigns regularly targeting them by name using boobytrapped attachments.

Similarly, the HP Wolf report Blurred lines and Blindspots explored the way that changes in working patterns brought about by remote working have stretched the perimeter model to breaking point. With the perimeter now often located on devices connected to insecure home networks, security assumptions based on traditional firewall defence have been rendered obsolete.

According to Ian Pratt, HP’s global head of security for personal systems “70% of breaches start with an endpoint compromise: A user clicks on something that lets a hacker take control of their machine and then use it as a beachhead. The attacker’s goal is to get on to the machine of a privileged user, and then follow them when they access high-value services, resulting in whole organization compromise and a very serious breach.”

HP Wolf Security zero trust addresses this by breaking down endpoint security into a series of layers. This starts with hardware-enforced security to protect the vulnerable chips and firmware which in traditional security are left unprotected. This layer includes features such as a self-healing BIOS protection and a central controller chip which helps recover compromised devices while monitoring for new vulnerabilities.

A second software layer of protection called HP Sure Click [i] provides the ability to isolate applications so that malware infection is unable to spread any further, for example if a user clicks on an infected attachment or plugs in a rogue USB drive. Meanwhile, HP Sure Run [ii] stops malware from closing security software, reinstating them should it detect interference.

Applications, the operating system, devices, users – nothing is automatically trusted, and any trust granted can be withdrawn at any time. What counts is being able to do this in a way that doesn’t require organisations to throw out their current technology or hire expensive analysts to sift through alerts and streams of data.  Containment and isolation fulfil this requirement by preventing attacks at the local level. This moves beyond old-style detection by making response more automated and cheaper to live with.

[i] HP Sure Click requires Windows 10 Pro or Enterprise. See for complete details

[ii] HP Sure Run is available on select HP PCs.