Servers & Systems: The Right Compute

IT security takes center stage in the global arena


IT security takes on more urgency as nation states—in conjunction with professional cybercriminals—assault targets all around the world. Here's what you need to know.

IT Security Blog.jpgMore than 720 million cyberattacks are expected by 2021, totaling up to a staggering $6 billion in losses and remediation costs in a single year, according to the Cyber Security Ventures 2017 Official Annual Cybercrime Report. The problem is so serious that the Federal Bureau of Investigation is taking the rare step of letting businesses and organizations know there's simply no way to stop attacks.

The best defense? The only way to defeat cybercriminals is with a solid IT security offense. The FBI's advice: Protect your organization as best as you can, but assume it will be breached. That's one of the difficult lessons James Morrison, a computer scientist at the FBI, shared during the August 2018 webinar with Bob Moore, Director of Servers, Software, and Security at Hewlett Packard Enterprise. Want to know more? Here's how you can prepare.

The IT security assault intensifies

One of the biggest problems with cybercrime is the way it has evolved. Only a few years ago, most cyberattacks were undertaken by so-called script kiddies—people who hacked for fun or bragging rights, or who Morrison characterizes as people living in their moms' basements. Today, however, cybercrime is a big business, he says. More importantly, it's a business that's run by blended threats, notes the FBI, such as nation states that use criminal hackers to commit their crimes. Many of these criminals reside in Eastern Europe and Asia, and they target companies of any size, according to the FBI. The attacks are even easier today than they were in the past because compute power has been pushed to the vulnerable edge.

It's no longer just individual hackers who are carrying out cyberattacks. Professional criminal organizations have huge teams and physical locations set up to bring in everyone from regular people to researchers to academics to help them perpetrate their crimes, according to the FBI.

Although comparably less malevolent, hacktivists create another problem. These cybercriminals attack their targets in order to make a political statement, often protesting an organization's actions related to labor or civil rights. Regardless of their intentions, hacktivists can wreak havoc and cost organizations money, time, and headaches.

FBI and law enforcement strike back

The FBI is making progress with its cybersecurity offensive, though. It's working collaboratively with security teams across the globe such as Europol. For example, in February 2018 the FBI took down and extradited the operator of a large botnet that was made up of more than 100,000 compromised devices, according to the US Department of Justice. Over the course of seven years, the botnet, called Kelihos, distributed billions of fraudulent emails containing ransomware and malware. The Kelihos creator made millions not only by defrauding companies but also renting his botnet to others.

According to the US Department of Justice, his well-reported end came after the FBI, in conjunction with law enforcement in Spain and the Netherlands, identified the Russian individual controlling Kelihos. The trio was able to take the Russian national into custody in Spain, where he was vacationing with family. He was soon extradited to the US to stand trial. This September, he pled guilty; his sentencing will take place next year, according to the FBI.

Best practices to avoid a fleecing

The FBI and other law enforcement agencies are doing everything they can to help protect businesses, organizations, and individuals from cybercrime and breaches, but it's up to you to make sure you take appropriate precautions to protect your IT environment, as well. You can start with the obvious, simple fixes. Your software and operating systems should be patched and up to date, and your organization should have policies and training in place to protect users. Companies that require strong passwords and authentication, and train employees and partners to make the right decisions when it comes to cybersecurity, are better prepared when cybercriminals inevitably strike.

For example, employees should know about one of the more recent tricks that hackers employ: developing relationships with users by investing days, or even weeks communicating with them, building trust in the process before sending them a malicious link or file. Employees need to know about social engineering, so they understand why they must always be on guard. Consider implementing security audits, too, and organized educational programs designed specifically with the newest threat vectors and cons in mind.

HPE solutions protect your business

With so many attacks happening at the server and router level, it's also crucial to acknowledge the need to protect these resources using built-in security. IT vendors are working diligently to help make this happen. HPE, for example, makes this easier to do with HPE Gen10 servers, the most secure industry-standard servers, according to Moor Insights. The Gen10 servers feature the HPE Silicon Root of Trust, a built-in technology that continually checks a server's firmware to make sure that nothing has changed. If it finds an anomaly as compared to the server's immutable fingerprint, the server goes into recovery mode, rolling back to the original code and thwarting attackers who are waiting to exploit those compromised IT resources.

Another HPE offering, Gen10 Secure Server Management, can help you protect, detect, and recover from an attack. HPE Server System Restore, which is a feature in HPE's iLO Amplifier Pack, can restore up to 10,000 servers automatically. The software removes any corrupt firmware, reinstalls the correct one, restores all applications, and recovers data from a protected secondary backup site.

While there is no way to keep hackers out, taking these steps to protect your organization and keeping track of what the FBI and other law enforcement entities are doing can help you keep your employees and data safe while minimizing the risk of downtime and data theft.

Gain a true sense of IT security

There is plenty you can do to shore up your own organization's IT security strategy. To learn more about the changing face of threats, and to hear commentary from the FBI's James Morrison and HPE's Bob Moore, watch the webinar.

Karen Stealey.jpg Meet Infrastructure Insights blogger Karen Stealey, IT Journalist.

Karen Stealey has been writing about technology for more than 15 years. Her work has appeared in top technology and business publications including InformationWeek, BusinessWeek, and Forbes. 


Infrastructure Insights
Hewlett Packard Enterprise

twitter.gif @HPE_Servers

About the Author


Our team of HPE and other technology experts shares insights about relevant topics related to artificial intelligence, data analytics, IoT, and telco.