When it comes to securing PCs and printers, HP is the most advanced hardware vendor. This advantage is in part because HP is focusing more on endpoints such as printers and PCs, and in part because the company has decided to differentiate its security efforts.
While HP’s peers have much broader technology interests, HP’s attention is timely, as the Safety Report is sounding the alarm that dangers are increasing dramatically. HP’s security efforts will likely expand over time; branding this part of the business as Wolf Security opens up potential future opportunities outside of HP hardware products.
Let’s talk about some of the more disturbing findings from the HP Q3 Threat Insights report.
New and old threats
When I started to cover security after leaving IBM, most of the threats were known, so script-based antivirus products were very effective. This has changed dramatically over time with the advent of polymorphic viruses that can evolve on their own once released and the emergence of large companies that produce malware as salable products. The growing malware industry, particularly ransomware, has been of particular concern in recent years.
HP reports a significant increase in new and unknown viruses, and now 12% of threats are new and unknown. This result explains why HP has turned decisively to deep learning anti-virus tools that can examine behavior rather than rely on scripts to better protect against these increasingly creative and damaging classes of unknown threats.
Particularly disturbing is the dramatic growth of malicious Trojans, the report says, suggesting that companies are not providing enough employee security training; otherwise, this method of attack would be much less attractive and lucrative. And with people working from home, many defenses associated with Trojan horse attacks are not available to them. This growth would suggest that businesses may need to implement a much more comprehensive security solution for those who work from home than they currently have because what they are doing is not working.
Web security is improving; Email security remains low
One of the most common attack methods is email luring; the larger category is “other,” which means attackers have become much more creative with these decoys. Employees have become accustomed to the more typical lures of bogus quotes, bogus invoices, bogus payments, and bogus inquiries, but fall victim to lures they have never seen or been warned against.
Email accounts for up to 89% of the threats transmitted. On the positive side, web security risks are down to 11%, suggesting that vendors' improvements to browsers, together with further hardening of websites, appear to be working to mitigate this attack vector. On the flip side, email reaching 89% suggests that businesses are not properly securing their email platforms, thereby exposing themselves.
Interestingly, attackers have learned that employees may be more vulnerable to attacks early in the week, and the attack rate drops as we get to Friday. Attackers appear to take weekends off, because combined weekend attacks (14%) are about the same as Friday (13%) alone, and Friday is the least active day of the work week. Maybe the hackers get home early on Friday.
In terms of file types, many people have become concerned about PDF files. However, attacks using this delivery method are reduced to 4%, and executables, blocked by most modern email platforms, to 16%. Archives, documents, and spreadsheets, by contrast, are at 38%, 23%, and 17%, suggesting that employee training and email reporting of potential threats should pivot to these other types of documents.
Employee training is an important part
HP’s Wolf Security Threat Insights Q3 report shows us that the threat landscape continues to change and employees are increasingly targeted by new threats. As email has become the most important attack vector and the file types in use have shifted away from those employees were trained to look for, they may not yet be aware that they are compromised.
This report highlights that companies do not appear to be meeting the critical need for employee training, and that they are not sufficiently empowering their remote employees, especially where the associated messaging systems are concerned. This suggests that unless something changes, we will see a steady rate of significant late-career violations for the foreseeable future.