Modern hackers and the reinvention of security

Hacking has evolved into a global threat performed by highly organised crime outfits. Here’s how security has been reinvented to keep businesses safe.

The world of hackers and the security measures needed to stop them have undergone a semantic shift in recent years.

We have more devices than ever before, with more connectivity and potential exposure. While security has attempted to maintain pace with these developments, the hackers themselves have grown increasingly Promethean in their methods.

Data breaches exposed five billion sensitive records last year[1] as malicious attackers continued to target the world’s technology and networks. Despite their large scale investments in security, two-thirds of the data breaches originating in the business sector.

Today we accept hackers as a constant threat and businesses know their technology must operate in a secure environment to succeed. However, the face of hackers and the motivations which drive them have shifted to larger-scale, highly sophisticated hacker networks, capable of bringing entire businesses to their knees. 

The evolution of hacking

The act of hacking has a much longer and storied history than many realise.

Back in 1903, a demonstration of Morse code over radio was hacked to tap out messages insulting inventor Guglielmo Marconi to a crowd in Royal Institution’s lecture theatre.

Hacking gained full notoriety in the 1970s to 1990s as computers expanded into everyday usage. However, hacking in its earlier form was more often about the hackers displaying their abilities – tech wizzes showing what they could do.

In 1987, 17-year-old Herbert Zinn bragged that he could hack AT&T’s network, so did just that to prove he could. In 1994, two hackers broke into hundreds of computer systems, including NASA, but the resulting manhunt led to finding one of the hacker known as “Data Stream” – a 16-year-old boy curled up in the fetal position crying as he was arrested.

This is not the case now. Hacking is big business today. Our money, our personal identities, the operations of businesses, the functioning of governments and the national security of nations are potential targets for hackers. As more of our technology is connected to the internet and our corporate networks, the hackers have more door to knock on than ever before. Hacking has evolved into a global threat and many businesses are relying on outdated technology to tackle a very modern threat.

How today’s hackers operate

No business is untouchable today. The average ransomware attack costs a company $5m (£4m) and it takes organisations an average of 191 days to identify data breaches[1].

A major focus of modern hackers are the unprotected devices which are unprepared for the hackers’ novel approaches. A chain is only as strong as its weakest link, and it is these weak links which hackers target. Take two very typical examples of how modern hackers can exploit a business.

The first example is a medical software company which works with hundreds of hospitals to host their data in the cloud. Hospitals are home to some of the most advanced medical equipment in the world, but they can also be filled with unsecure printers.

Without threat detection to keep it safe, hackers can install just about anything on the hospital printers. Even a phone can be used to hack the operating system of a printer. A software update on the printer enables a backdoor directly into their network and a data breach will enable the attacker to steal all of the medical records from all of its hospitals.

The second example is for a financial services company, but it could apply to almost any organisation. Having hacked an unsecured printer, the hacker can intercept all print jobs until they find the information they are looking for. For example, from a piece of information as simple as an employee’s date of birth, a hacker can set an effective and tailored trap.

They can send an email to the employee on their birthday, making it appear from the company, with a link to a birthday reward such as a

voucher. The employee will then print this voucher and in this one act, the hacker gains access to every computer on the network. The fake voucher was actually hiding the hacker’s malware in the print stream, bypassing the company security.

The hacker can then use the printer to get around the firewall, access all unencrypted data and route it themselves. The hacker can access confidential information, details on the personal identities of employees and also have clients’ most sensitive financial information.

Both examples also lend themselves to the historic concern around hackers – some will do it just because they can. They might then release sensitive personal or corporate information for no reason other than to demonstrate their abilities, or to highlight the weaknesses of a business or our systems in general.

A business can expect not only a financial loss from such data breaches, but it can damage a firm’s business credit and its wider reputation with customers, who may no longer trust the firm to maintain its data.

As the examples illustrated, an unprotected device, such as a printer, with no threat detection, no secure boot and no firmware check is a backdoor to a company’s network. There are hundreds of millions of business printers in the world, but less than 2% of them are secure.

So how do businesses stay safe in the face of this modern hacking?

The reinvention of security

A company can spend a fortune making their network secure, but it will not matter if the PCs and printers attached to the network are unsecure. So security is being reinvented in two very important ways.

Firstly, the answer to this threat environment for businesses is to deploy devices with built-in security. This is the best way to protect a business and to ensure the products they adopt have the inherent security capabilities to keep malicious attackers at bay. 

Secondly, today’s technology needs to be smart enough to adapt to the ever changing threat landscape. This is about the devices themselves having the capabilities to detect threats, stop attacks and correct issues themselves. 

Such an approach has been the bedrock philosophy of HP’s product development in recent years and in May HP CEO Dion Weisler stated: “We’ve been investing in security in the company across the board – not just in PCs but in print as well”.[1] The result is the firm producing the world’s most secure PCs and printers[2]. For HP, prevention is better than cure, so it has focused on preventing security issues at inception.

Take the HP Elite PCs, which protect a business with hardened security features and layers of protection. The range is built to proactively prevent threats and to quickly recover in the event of a breach. The HP Elitebook x360 – the world’s thinnest 13” business convertible – has HP Sure Click to protect against malware, ransomware or viruses, alongside HP Sure Start Gen3 which monitors, recovers, and restores in-memory BIOS. It also has multi-factor authentication where users can sign in with IR camera, fingerprint sensor, or smart card reader.

The PC is only part of the story though and monitor security is also important. The HP EliteDisplay E-Series instantly creates privacy in open workspaces and deters visual hacking with HP Sure View Gen3 technology, which protects sensitive information visible on a screen by making it difficult for onlookers to view from the sides. HP enterprise printers – including the LaserJet M400, M404, M428, M454 and M479 range – protect, detect and recovery automatically with self-healing security features. Run-time intrusion detection continually monitors device memory – if there is an attack, the device automatically reboots. HP Sure Start validates the integrity of the BIOS code and if comprised the device recovers with a safe ‘golden copy’ of the BIOS. Whitelisting confirms the authenticity of the firmware code. Finally, HP JetAdvantage Security Manager checks and fixes any affected device security settings. Businesses also get best-in-class security with its OfficeJet 8022, 9010 and 9020 range with self-healing Wi-Fi that helps keep users connected.

Armed with these technologies, businesses will be protected from the sophisticated and organised threat of today’s global hackers.


SOURCES:


[1] ‘HP CEO Weisler: ‘Highly Differentiated’ Security Approach Is Paying Off’: https://www.crn.com/news/mobility/hp-ceo-weisler-highly-differentiated-security-approach-is-paying-off 

[2] ‘World’s Most Secure and Manageable PCs – Claim Substantiation’: https://h20195.www2.hp.com/v2/getpdf.aspx/c05934743.pdf; ‘HP Security claims for business printing, scanning and HP Elite PCs’: https://www8.hp.com/uk/en/security/printersecurity/claims.html               


[1] ‘Top cybersecurity facts, figures and statistics for 2018’: https://www.csoonline.com/article/3153707/top-cybersecurity-facts-figures-and-statistics.html 


[1] ‘Data breaches exposed 5 billion records in 2018’: https://www.csoonline.com/article/3341317/data-breaches-exposed-5-billion-records-in-2018.html

Click to sign up to Ingram Micro's emails