February 5, 2013
ZD Net reports that HP executives met to discuss the problems with IT security in today’s businesses, claiming that many businesses follow a “check box” approach with no understanding of “hackers’ resources and capabilities”.
Executives and security experts at HP argue that in order to prevent cyber attacks, “a complete change in understanding” needs to occur, and businesses need to invest more in defence both before and after security breaches. “This is a game of risk management,” said Art Gilliland, Senior Vice President of Enterprise Security Products for HP’s software group. “Companies need to be able to see and understand their exposure potential and prioritise what they respond to.”
Gilliland went on to explain that a market place has started to grow around cyber crime due to so much money being involved in intellectual property, arguing that in order to combat security issues, companies “need to think about how they can disrupt each of the steps in the process of establishing this marketplace”; which Gilliland lists as “research, infiltration, […] discovery (mapping out assets about where data may live), capture (adversary takes control of the asset) [and] exfiltration (stealing of data and/or destruction of data)”.
Gilliland points out that companies are “competing against the best in the world, and they only have to be right once”, adding that “it’s inevitable” that hackers will learn to get around antivirus toolkits and solutions and urging security experts to catch them out “on the inside before they’ve stolen data”. He notes that upon assessment of the market spending on security, it is apparent that companies are spending money on blocking attacks, but are ignoring the other stages needing defence.
Another problem listed by Gilliland is that a lot of companies may not have the expertise or money to tackle security issues, and that more awareness needs to be raised among software developers for whom security may be a second thought due to the pressure to work quickly. This view was backed by Jacob West, Chief Technology Officer for HP’s Fortify unit for enterprise security software, who agreed that it is “difficult to find a balance” and that developers need to be made aware that “they are making decisions every time they make queries”. However, he noted that an increasing number of businesses are beginning to reward adequate security performance with bonuses, although the shift in views is happening slowly.
HP’s discussion of IT security comes after the company came under fire recently due to a potential security flaw in its JetDirect software and the discovery that many of its printers can be remotely hacked using Google searches.
Categories : Products and Technology