Servers: The Right Compute
Showing results for 
Search instead for 
Did you mean: 

4 Myths You Need to Know to Protect Your Business from Security Threats


How do you keep cybersecurity costs low and give employees new technologies to work with while protecting digital assets? HPE dispels the myths that slow many businesses down from deploying sufficient IT security measures.

Blog_MythsIT_6_6.jpgMore than 700 million cyberattacks occur every day…on average, data breaches cost U.S. businesses $17 million per year. The staggering cost is no wonder—it usually takes from 12-to-18 months to discover firmware attacks.

The world also keeps receiving stark reminders of the ever-evolving nature of cyber criminals. In mid-May, WannaCry, the biggest cyberattack ever, hit at least 150 countries and infected 200,000 machines in just 48 hours. The victims included hospitals, universities, manufacturers, and government agencies—with the list of those suffering a breach continuing to grow as variants of the virus spread.

In light of the steady rise in  successful attacks over the past five years, key factors are impacting businesses of all sizes. While deploying security measures is critical, so too is the need to gain agility in implementing new technologies while also controlling costs.

Know the facts: 4 myths about cyberattacks

Exactly how can your company keep costs low and give employees new tools to work with while also protecting digital assets? An October 2016 Ponemon Report illustrates how several myths seem to be slowing down the pace at which businesses are deploying sufficient IT security measures:

Myth #1: Cybercrime is costly only for certain industries

While the financial services, utility, and technology sectors rank at the top when it comes to the cost of cybercrime, no industry is safe. Even sectors that average a lower cost of cybercrime—hospitality, automotive, and agriculture—still experience anywhere from $2.75 million to $3.75 million in annually expenditures when reacting to attacks.

Myth #2: Outside attacks are costlier than inside attacks

It’s not just cybercriminals in other countries that you need to defend against. Malicious insider attacks have ranked at the top of all attacks in terms of cost for the past two years and nearly 26% higher in 2016 compared to the next most costly type of attack—denial of service.

Myth #3: Once an attack is discovered, it can be contained immediately

The time it takes to contain attacks is perhaps the most frustrating challenge facing companies today. While botnets and malware are often contained within a few days, website attacks as well as malicious code and insider attacks often take anywhere from 25-to-55 days to contain.

Myth #4: To combat escalating cyberattacks, everyone is adopting sufficient security measures

Although WannaCry is the largest cyberattack to date, major attacks go all the way back to the 1980s. Yet many companies still lack effective cybersecurity. While 49% have deployed advanced access-management systems, only 40% have deployed threat intelligence systems and a mere 25% have automated their policy management tools.

Defending against infrastructure attacks

Security can be a major challenge when creating agile hybrid infrastructures that span on-premise environments and the cloud. There are many risks to mitigate, including sophisticated attacks on firmware that attempt to run the infrastructure itself.

Firmware security is particularly critical: While security managers focus on protecting operating systems, networks and applications, hackers counter by targeting underlying infrastructure components—attempting to compromise the firmware that runs the server, storage, and network devices. Firmware breaches are vicious because they enable hackers to hide malware deep inside systems to the degree that many enterprise IT security scanning technologies cannot detect them. The results can be devastating.

HPE is a pioneer in taking on these challenges, providing the first and only countermeasures against firmware attacks. We offer unmatched threat protection and cost-effective security control technologies built on open standards.

Our server firmware cannot be comprised because we own the ASIC that runs the devices (a stark contrast to other manufacturers that use third-party ASICs). HPE Secure Compute Lifecycle, with supply chain security for all server components, offers several key capabilities:

  • Silicon Root of Trust
  • Firmware runtime validation
  • Detection of compromised firmware code
  • Extensive standards compliance like FIPS and Common Criteria
  • Unparalleled firmware recovery after attack
  • Supply chain attack detection with intrusion detection devices

We also provide additional infrastructure security and network security measures for hybrid environments: network monitoring, security analysis, next-gen firewalls, and end-to-end data integrity. You can also benefit from tamper-proof file data—recoverable at all-flash array speed.

To find out more about the cost of cybercrime—and how a high-security profile that combines best practices with leading IT security solutions will support your business innovation while reducing the cost of cybercrime—I invite you to follow us on Twitter at @HPE_Servers.

Learn more about HPE security innovations.

0 Kudos
About the Author


Bob leads the partner software organization for the server division. His team is also responsible for productizing the new HPE security technologies and delivering a comprehensive approach to security across all solutions.