Opinion

HP UK's MD: Stop your kettle from leaking valuable company secrets

7 min read

23 February 2017

When it comes to company secrets and the risks of them leaking, it’s time to raise awareness of device security to protect business networks, says HP UK's MD George Brasher.

Your office is under attack and your company secrets could be stolen. And whereas in years gone by, such a warning would mean doubling down on CCTV cameras and front desk security personnel, the threat is now virtual.

But don’t be under any illusion, cyber threats have very damaging tangible effects when criminals are able to penetrate your network and steal company secrets.

Don’t believe me?

Consider this. According to PCi, the annual global cost of cybercrime will be £4.6tn by 2021. That’s £4.6tn of real money that will be siphoned away from businesses by computer crooks.

And as the world gets smaller, the risks get bigger. We live in a hyper-globalised and hyper-connected economy, with more people, more devices, new opportunities, and new threats being added every hour.

In response this month, the government established the UK’s National Cyber Security Centre (NCSC) – a welcome and important effort in addressing the nation’s cyber threat.

But as fresh use cases for the Internet of Things create new vulnerabilities, the smallest chink in the armour is enough for criminals to gain access to the network where they can wreak havoc, access company secrets and cost businesses millions of pounds.

Recent reports of attacks on NHS trusts, serve as a reminder that organisations of all sizes should protect their networks, and indeed their data. The reaction to this shouldn’t be fear, it should be preparation. It should be taking a firm stance on security and involving the entire business for vigilance, not just the IT staff.

Yes, there may well be flashy new entrants coming into the office in the form of robots and VR headsets, but one mustn’t look past the equipment that for years may have seemed innocuous.

Take the printer, for example. Deeper integration into enterprise networks and smarter functionality mean that printers are better than ever at helping us to do our jobs.

But that same functionality should also prompt businesses to consider where things could go wrong – and protect against the worst-case scenario. In theory, anything with connectivity could compromise company secrets and data privacy – even if one day your office kettle was added to the network. It’s a cause for a new approach to security for new types of threats.

Starting with the endpoint

I’m a firm believer in the fact that security starts with devices and data on the edge of the network. One of the most dangerous threats to protect against is firmware attack, which can be carried out on almost any connected device.

Firmware is software that is embedded into a device – a piece of code programmed into a special bank of memory sitting in the hardware. This code is typically the first to execute when that device is turned on.

Consequently, firmware attacks are difficult to detect but they can allow the attacker to gain broad control, as they can access all hardware resources and administration and control capabilities. Many such attacks can evade existing device security and can be impossible to remove without a system board replacement.

It’s vital therefore to protect devices during boot up to prevent malware invasions and prioritise speedy recovery in case of attack on company secrets.

An example of this strategy is our self-healing PC and printer BIOS security solution HP Sure Start. This independent chip is not only capable of detecting firmware intrusion in a PC BIOS, but also of repairing it instantly without any action required from the user or the administrator of a device.

To help raise awareness of endpoint device security, this month we launched “The Wolf”, a dramatic short film series starring Christian Slater. The series draws attention to the security risks posed to corporate networks by real vulnerabilities in unprotected printers and PCs.

The risks of data being sent through the device, malware being put onto the device or documents being viewed or company secrets taken are major areas of danger.

But according to the Ponemon Institute, only 53 per cent of IT managers realise that printers are vulnerable to cybercrime.

There’s a lack of awareness within IT departments, before you even consider the other areas of the business, who also have a responsibility to make sure sensitive data and company secrets stay within the four walls of the company.

It isn’t enough to pay lip service to security. It requires a commitment to innovation in the domain of protecting networks, so it’s no accident that HP is working with a range of partners to bring about change.

For instance, initiatives such as CyberInvest have been set up by GCHQ and the Department for Culture, Media and Sport to get more businesses involved in cyber security research. HP is one of the first companies to have signed up and institutions such as the University of Birmingham are also part of the scheme.

The approach we advocate is one where there’s a collaborative effort to secure a business, because all areas are affected if a cyber threat does occur. The buck passing must stop.

More broadly, relationships between business, government and academia will secure networks well into the future.

We must now create a united front to show that everyone, from the employee to the IT manager to the boardroom is taking security seriously.

George Brasher is MD UK & Ireland at HP