The security landscape in 2015 is already shifting, as organizations big and small try to avoid ending up as a victim of a data breach like the one that took a toll on Sony Pictures. The impact of the Sony breach is being felt at Hewlett-Packard as the company aims to protect itself and its customers in a year that is set to bring great change.
Although changes in the market are likely in the year ahead, Art Gilliland, senior vice president and general manager of Enterprise Security Products at HP, noted that many of the attacks in recent months have stayed consistent and the Sony attack is an example of issues that have been talked about for a while.
One of those issues is the risk of co-operative attacks, where there is an adversarial entity that has an objective of breaching a specific organization.
“What is different about the Sony attack is that it is the first time that we’ve seen what we believe to be nation-state sponsored cyber-damage,” Gilliland told eWEEK.
As opposed to being just an attack to steal information, Gilliland believes real damage was done to Sony as an act of cyber-terrorism.
The U.S Federal Bureau of Investigation confirmed on Dec. 19 that North Korea was behind the Sony attack. While the FBI has blamed North Korea, other security experts have alleged that one or more former Sony employees may have worked with the attackers.
The risk of insider threats is another key trend that concerns Gilliland. In his view, historically there has been an over-reliance on system level monitoring that is focused on protecting servers, desktops and laptops. With the system level monitoring approach, the goal is to prevent the protected systems from being infiltrated.
“Sony is just one of many that prove that method of protection isn’t working, partly because of the insider problem,” Gilliland said.
The reason this is such a problem is that there are users who have broad permissions to access data to do their jobs. Those users can do good work with their access—or they can do bad things.
“The change that is going to occur is that we need to be a lot more information- and identity-centric in the way that we think about security going forward,” Gilliland said.
HP Refocuses Its Security Efforts in Light of Sony Hack, Company Split
The reality of the modern world is that there is reason to worry about security exploitation. However, there are things that can be done to reduce the risk, Gilliland said. It’s not about trying to stop breaches, he added, but rather about how quickly an organization can identify a breach so that the amount of damage can be limited and contained.
A good approach, according to Gilliland, is to have capabilities that can potentially disrupt processes used by attackers. He noted that much of the security spending today goes into technologies to block attacks.
“If an organization just focuses on the silver bullet to block attacks, it’s inevitable that an attacker will get in,” Gilliland said. “The attackers will find the crack in the armor to get in.”
He added that the ability to detect a breach and to know what to do once the breach has been detected are key skills that need to be in place as part of a mature security practice in 2015.
Sony as a Security Business Driver
One other impact that the Sony Pictures security incident has had is that it has once again put focus on the need for robust security, which is ultimately a good thing for HP and others in the security business.
“Whenever there is any significant coverage of any breach, the interest in what we do is much higher,” Gilliland said. “There are lots of conversations that we have where the Sony, Target or Home Depot breaches are the topic of the discussion, and a lot of what comes out of the discussions is the question about what organizations need to do or change.”
Another driver for security funding in 2015 will likely be the need for compliance with the PCI DSS (Payment Card Industry Data Security Standard) 3.0 specification that went into effect on Jan. 1, 2015. Companies are getting funding to meet the compliance requirements, but he said funding to just meet compliance can be a double-edged sword. The positive side is that organizations get funding for security; the downside is that some organizations may think that by achieving security compliance, their security is good enough. The reality is that it’s not enough and, in the increasingly complex threat landscape, security challenges are always growing.
In addition to the online threats that are impacting HP’s customers, there is another big change on the horizon for HP—the pending split of HP into two separate companies, one known as HP Inc. and the other as HP Enterprise. Gilliland and HP’s security division will become part of the new HP Enterprise company.
“From a security perspective, it will give us more flexibility and the ability to invest differently in the things we do,” Gilliland said. “I think the focus it will give us on the enterprise customer base will be great for our customers and great for our shareholders.”
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.