Looking For Better Cybersecurity? HP Has Some Answers

With the sheer number of high-profile data breaches taking place lately—some even called 2014 the year of the data breach—it's only natural that companies would be looking for ways to improve cybersecurity. While there are plenty of methods out there to bolster the security measures, HP has an idea that might sound a little novel, but has a surprisingly rational basis.

HP's big measure to protect businesses against cybersecurity-related issues? Focus on the people and the processes, according to Art Gilliland, HP's senior vice president and general manager for software enterprise security products. Gilliland notes that a lot of businesses are focused on finding that “silver bullet” product that will fix all the security woes a business might encounter, but Gilliland let it be known that that wasn't the key. Gilliland went on to note that a “product guy” like him would find it tough to say, but investment in “people and process” was a better way to go.

Gilliland offered some explanation, noting that most cybersecurity problems are the results of human error—the people—and flawed procedures, the process. So addressing these two points can result in a lot of the problem taken out of the whole situation. Gilliland even noted that “the first thing that always gets negotiated out of every [security software] contract is the training and the services,” which compounds the issues of people and process.

There's a further problem with product as well, Gilliland points out, as businesses focus on tools to keep attackers out like antivirus systems and firewalls, but don't do much to detect and stop attackers that are actually inside the system. Perimeter defense is certainly important, but there needs to also be a focus on encryption and protecting data against the attacks that happen when perimeter systems fail. Plus, there's even a move on to get organizations to share more data about attackers, not just among businesses but with the United States government as well.

Focusing on people and processes actually makes a lot of sense, particularly when some forms of cyber-attack are considered. A recently-emerged bit of malware known as Dyre Wolf actually exemplifies this notion, as it not only breaks into a system, but it requires employees who interact with it to respond a certain way for the malware to have the greatest effect. It's a concept known as “social engineering,” and it tries to get users to respond in a specific way based on conditioning factors that most have already experienced. Dyre Wolf likely wouldn't have half the impact it's already had if employees knew what to watch for and could thus deflect the malware's attempt to gain access.

People and processes, that's the key, according to Gilliland, and on a certain level he's quite right. There will always be a need and a value to antivirus tools and the like, but protecting the system at its most elemental level will also provide value; the kind of value that may mean the difference between a system running at its best and a ruined system that's losing the business money daily.