Nearly every aspect of our lives has fundamentally shifted to being more digital due to COVID-19 — how we live, how we work, how we communicate and how we interact with one another. In this ‘new normal, we are becoming more dependent than ever before on the resilience of our digital systems. For businesses in particular, the massive global shift towards remote work is creating challenges for organizations of all sizes —from SMBs to multinational enterprises— to adapt and transform, in order be able to keep control over system security and maintain operational resilience.
As economies reopen, businesses have to prepare for a future in which the same situation could arise again, locally or globally, with a frequency we won’t control. In that context, and given how we have seen cyberattacks increase in number and sophistication over recent years, it is key to take a moment to consider what comes next. How do we operate in this uncertain environment? How should we prepare for the next major crises? Where is technical innovation needed to help stay in control of cybersecurity and ensure robust business continuity?
To help navigate what this all means and how to adapt, HP convened a panel of experts to discuss “What’s Next in Cyber Security?” I was proud to participate alongside some of the industry’s leading experts: Ed Amoroso, CEO of TAG Cyber and former CISO of AT&T, Charles Blauner, Partner & CISO in Residence at Team8 and former Global Head of Information Security at Citigroup, Kris Lovejoy, Global Cybersecurity Leader at EY and former CISO of IBM, and Ian Pratt HP’s Global Head of Security for Personal Systems.
With almost a century of collective experience in cybersecurity, it was an incredible opportunity to discuss and explore the challenges in front of us with this group of leading IT security professionals.
As Kris Lovejoy and Charles Blauner reflected: security is taking up a fundamental role in operational resilience and organizational trust. “COVID-19, if nothing else, has started to get people thinking about operational resilience,” said Charles. “The good CISOs understand how to use the idea that security is a foundational aspect of operational resilience. This is an opportunity [for CISOs] to change the nature of their relationship with their CEO. The really good CISOs are thinking about how to leverage cutting edge security technologies or maybe even ancient security technologies to transform the business.”
The acceleration towards remote working also creates demand for technical solutions and innovation in cyber security — in particular, we see a growing need for more autonomous and self-healing endpoint devices. And the good news is that this is a field of cybersecurity innovation that HP has been championing and investing in for many years, and that we are beginning to see progress across the industry. “We’re now enabling organizations to order machines not only imaged but also provisioned with security credentials straight from the factory, so employees can use them securely straight out of the box,” said my colleague Ian Pratt. “We’re at a point where endpoints really have to be able to look after themselves at every stage.”
My contributions to this discussion focused on some of the increased pressures that today’s novel situation creates on endpoint infrastructure security and resilience, from dealing with the digital environment at home at scale, to putting users under more pressure than they are used to. But I also shared some thoughts on how technical innovation in endpoint cybersecurity technologies can help organization rise to these new challenges.
Adapting to the New Normal
During the panel we talked about how massively distributed infrastructure is becoming the norm, broadly. From remote work to IoT infrastructures to all forms of automation. And in this distributed world, endpoint devices sit on the frontlines of the cybersecurity battle ground.
Home and office technologies are colliding on a scale we had never seen before. As we learn to get used to working from home, with a frequency and scale we cannot predict, we must anticipate that cybercriminals will look to exploit home IoT technologies to attack and achieve disruption at scale. In this environment where work and home are blended, employees are under increased pressure, as a target of phishing campaigns, but also because many will find it harder to follow cybersecurity good practice at home. Even IT organizations can become lax. Kris Lovejoy, EY Global Cybersecurity Leader and former CISO of IBM shared some research on the panel that revealed that in response to the pandemic “84% of the world introduced some work from home capability, 60% introduced technology to enable that, and 60% of those either completely skipped or abbreviated the security checks as part of that implementation.”
But there is a silver lining. The need to secure an ever more fragmented workforce and to ensure business resiliency in the face of increasing cyber risk is becoming the number one priority for every size of business. The panel reflected that this was already a trend, and that the recent situation will accelerate efforts to address it. This is an opportunity for CISOs and IT Managers to become leading voices to help adapt and plan for the future of their organizations. Although often perceived as an inhibitor to innovation, cybersecurity may be gaining some newfound recognition for its central role in enabling digital transformation while achieving operational resiliency. The message seems clear for any CISO: the cost of “hoping for the best” and relying on existing solutions is simply too great.
Technology and Innovation to Enhance Security and Resilience
With everyone working remotely, devices are under even more pressure. Something goes wrong? A potential breach occurs? Your device is stuck in reboot on a splash screen asking for ransom? You won’t have someone turning up at your door to help remediate the situation anytime soon. It simply is not possible to assume the same sort of IT intervention that we were used to in order to get users back on their feet anymore. And with the uncertainty we are facing, this means we need to organize differently, with people, processes, and technology deployed appropriately to support our new environment. From a technology perspective in particular, organizations need to identify solutions that will help deliver operational resilience, from cloud-solutions to endpoint devices designed with the security and resilience anchors built into the hardware itself.
HP has been investing for years in raising the bar with endpoint devices designed with security and resilience built-in from the start. From business printers to PCs, it is more important than ever that devices are more autonomous with their ability to protect, but also detect and recover from whatever is thrown at them. This means devices that can always go back to a good state securely and autonomously, without the need for IT intervention, from anywhere. This means using endpoint devices designed from the start to isolate threats and self-heal autonomously, like HP’s business PCs and business printers, using technologies such as HP’s Sure Start, Sure Click, or Sure Recover.
It also means that CISOs and IT organizations have the opportunity to make security and resilience requirements a priority for user devices, to help deal with the challenges ahead.
Staying Ahead with Research and Innovation
But all of this doesn’t only apply to our traditional computing infrastructures and IT systems. It also applies the new domains where computing is emerging fast, from all forms of IoT ecosystems to new domains like healthcare or digital manufacturing.
For example, the recent COVID-19 crisis revealed how important 3D printing was in quickly producing critical personal protective equipment (PPE) close to where they were needed around the world, using the nearest technology available. This also will drive transformation in what we think of as the new normal. In fact, we project a future where 3D printing will enable this form of digitized distributed manufacturing on a massive scale. And we know this will make cybersecurity and operational resilience as critical for that distributed digital manufacturing as it is today for distributed endpoint infrastructures.
COVID-19 has laid so many things bare, but it has also delivered an unparalleled opportunity to create a more secure, safer, and resilient cyber-physical world. It shows the importance of HP’s strategy to innovate and lead the industry in designing some of the most secure and resilient endpoint technologies on the planet.
This is why security research and innovation, and our efforts at HP Labs, continue to be key to stay ahead of cyberthreats, and invent the security architectures and solutions that will deliver resilience from silicon to cloud for a safer cyber-physical future.
Click here or the image below to see highlights from HP’s “What’s Next in Cyber Security?” panel.