Servers: The Right Compute
Showing results for 
Search instead for 
Did you mean: 

Defending Your Infrastructure Against the 8 Most Common Cyber Attack Vectors


In 2016, malware infected 98% of businesses surveyed. Discover the other top cyber attacks and find out how HPE ProLiant Gen10 servers drive enterprise IT security all the way down to the firmware layer.

Blog_CyberAttacks.jpgAccording to a Ponemon Institute report survey of 237 companies, malware infected 98% of businesses in 2016. This factoid underscores how cyberattacks impact organizations of all sizes. But running a thriving business and innovating new solutions while fending off the financial and brand-reputation consequences of cyber attacks can be a monumental challenge. 

Variety of attack vectors turns IT security into a moving target

It’s no wonder, when considering all the different vectors from which attacks can originate. That same Ponemon report—The Cost of Cyber Crime Study & the Risk of Business Innovation—reveals the eight most common attack vectors and the percentage of companies hit by each type:

  1. Malware – 98%
  2. Phishing and social engineering – 70%
  3. Web-based attacks – 63%
  4. Malicious code – 61%
  5. Botnets – 55%
  6. Stolen devices – 50%
  7. Denial of services – 49%
  8. Malicious insiders – 41%

The variety of these attacks and the number of companies that suffer from them illustrate how enterprise IT security is a constantly-moving target. Hackers go where they find the least resistance. And since today’s defenses focus primarily on protecting software, cybercriminals are now turning their sites to system hardware. Watch for greater insights into why your company should pay greater attention to the growing security threat.

The deepest level of any hardware system is the firmware, and that’s where the most damage can be done. Once hackers gain control of the firmware, they can manipulate everything on that device, which may give them access to other devices across the network.

That makes it easy to propagate the network with many of the attack types listed above, including malware, social engineering, botnets, and denial of service. Innocent insiders who have their devices hijacked can even be made to look like malicious end users.

Protecting servers at the firmware layer

Protecting firmware requires considering the vulnerabilities across the server manufacturer’s entire component supply chain. Other potential IT infrastructure security risks include the code running on the server and the server data I/O on the network. Any server connected to the Internet should be protected.

HPE has devised an infrastructure security strategy to help businesses take on the firmware security challenge through the unique server protection, detection, and recovery capabilities offered by the HPE ProLiant Gen10 portfolio. HPE owns the ProLiant supply chain, which gives you more control over your hardware security. For example, we manage the process for installing firmware onto motherboards, and we develop our own BIOS.

The servers in our portfolio also provide an increased the level of physical IT security by leveraging the silicon root of trust, which is burned into the motherboard components. This makes ProLiant servers literally impossible to compromise. Each time a system boots, the firmware checks it to make sure it’s legit. If not, enhanced recovery features roll back the firmware to its original state.

The ProLiant Gen10 portfolio also features several other IT security hardware measures:

  • CNSA algorithm makes sure nothing nefarious is going on inside servers.
  • Intel TXE technology attests the hardware matches up with the appropriate operating system.
  • National Institute of Standards in Technology (NIST) compliance translates to HIPPA, NERC, and ISO270001 compliance.

To find out more about reducing cyber risks as well as the financial and reputational consequences of cyberattacks, download the Ponemon Institute report.

Related links from Enterprise.nxt:

0 Kudos
About the Author


Bob leads the partner software organization for the server division. His team is also responsible for productizing the new HPE security technologies and delivering a comprehensive approach to security across all solutions.