George Brasher, the OEM’s Managing Director of UK and Ireland, discussed stopping technology “from leaking valuable company secrets”.
Real Business featured the article from Brasher, who stated “it’s time to raise awareness of device security to protect business networks”, noting “your office is under attack and your company secrets could be stolen […] in years gone by, such a warning would mean doubling down on CCTV cameras and front desk security personnel, the threat is now virtual”.
He adds “cyber threats have very damaging tangible effects when criminals are able to penetrate your network and steal company secrets”, citing PCi research that found “the annual global cost of cybercrime” will be $4.6 trillion ($5.7 trillion/€5.4 trillion) by 2021, which is “real money that will be siphoned away from businesses by computer crooks”.
He notes that “we live in a hyper-globalised and hyper-connected economy, with more people, more devices, new opportunities, and new threats being added every hour”, citing the UK government’s “welcome and important” response to establish the National Cyber Security Centre (NCSC) to address the “nation’s cyber threat”.
Despite this, Brasher warns “fresh use cases for the Internet of Things create new vulnerabilities”, so “the smallest chink in the armour is enough for criminals to gain access […] wreak havoc, access company secrets and cost businesses millions of pounds”. He mentions “recent reports of attacks on NHS trusts” that “serve as a reminder that organisations of all sizes should protect their networks, and indeed their data”.
However, the reaction “shouldn’t be fear, it should be preparation”, and “taking a firm stance on security and involving the entire business for vigilance, not just the IT staff”. While there “may well be flashy new entrants […] in the form of robots and VR headsets”, he warns that “one mustn’t look past the equipment that for years may have seemed innocuous”.
Here he zeroes in on the printer, stating that “deeper integration into enterprise networks and smarter functionality” mean printers are “better than ever at helping us to do our jobs”, but that “same functionality should also prompt businesses to consider where things could go wrong – and protect against the worst-case scenario”, while “anything with connectivity could compromise company secrets and data privacy – even if one day your office kettle was added to the network”.
He believes this is “cause for a new approach to security”, adding that “security starts with devices and data on the edge of the network”, while “one of the most dangerous threats to protect against is firmware attack, which can be carried out on almost any connected device”. As embedded software, firmware is “the first to execute when that device is turned on”, so attacks are “difficult to detect”.
Such attacks “can allow the attacker to gain broad control [by] access[ing] all hardware resources and administration and control capabilities”, and can “evade existing device security”, becoming “impossible to remove without a system board replacement”, meaning it’s “vital” to protect devices “during boot-up to prevent malware invasions”. He cites HP Inc’s BIOS security solution Sure Start, which can detect and repair firmware intrusions.
Brasher also cites the OEM’s recent printer security advert, and Ponemon Institute research that noted only 53 percent of IT managers “realise that printers are vulnerable to cybercrime”, with this “lack of awareness” a problem “before you even consider the other areas” of a business that “also have a responsibility” to protect data.
He adds “it isn’t enough to pay lip service to security”, as “it requires a commitment to innovation”, with initiatives the OEM has joined in the UK including CyberInvest, which aims to “get more businesses involved in cyber security research”. He concludes that “the approach we advocate is one where there’s a collaborative effort to secure a business, because all areas are affected if a cyber threat does occur.
“The buck passing must stop. More broadly, relationships between business, government and academia will secure networks well into the future. We must now create a united front to show that everyone, from the employee to the IT manager to the boardroom is taking security seriously”.