For decades, hackers fell squarely into two camps: “black hats” in it to show off their skills, and then later, for money, espionage and data theft, and “white hats” who breached systems to uncover flaws before the bad guys could find them and make sure companies promptly fix them.
Now, destruction for destruction’s sake has become a hallmark of the global cyberattack. The foremost example being the 2012 attack on Saudi Aramco, one of the world's largest oil companies, that wiped or destroyed 35,000 computers before the devastation was halted. Or who can forget the Sony Pictures’ hack, which left the studio’s reputation in shambles and its co-chair fired. With malicious actors everywhere looking for any possible exploit, one key to surviving the constant escalation of threats is to keep reinventing how you stay ahead of the game.
A new Security Advisory Board organized by HP aims to do just that, by bringing a trio of outside security experts inside the company. All three initial members have unique first-hand expertise in the world of hacking and the latest developments in security technology and strategies.
The board builds on HP’s 40 years of leadership in cybersecurity. As the world’s largest PC manufacturer and leading maker of printers, HP has driven a slew of security innovations, from technology that provides cryptographically secure updates of a device’s BIOS to run-time intrusion detection, which checks for anomalies, automatically rebooting when an intrusion is detected.
These security experts will act as a reconnaissance team, providing insights from the front lines that the company will use to reinforce its own security work. The board will also generate strategic conversations about the rapidly shifting security landscape with HP executives and the market.
“We want to be the sharpest we can be on what the future holds, understanding the threat landscape today and being able to address the real problems of tomorrow,” says Boris Balacheff, HP’s chief technologist for system security research and innovation.
The person HP chose to lead the advisory board is far from your run-of-the-mill corporate security expert. The new chairman, security consultant Michael Calce, a.k.a. “Mafiaboy,” launched his public career in 2000 at the age of 15 by unleashing a massive cyberattack that brought down Yahoo!, eBay and Amazon. It led to an FBI manhunt and $1.7 billion in economic fallout.
Joining him is Robert Masse, a partner at Deloitte (acting independently in this instance), with more than 20 years of experience in cybersecurity, focusing on risk management and – ironically – a shared history with Calce. Following his own run-in with law enforcement over hacking when he was a teen, Masse provided guidance to Calce after his arrest.
A third member is Justine Bone, who began her career doing reverse engineering and vulnerability research at New Zealand’s version of the U.S. National Security Agency before leading security for companies, including Bloomberg LP. She’s now the CEO of MedSec, which analyzes technology security for healthcare companies.
The Security Advisory Board will work with HP to identify evolving threats and help companies adapt to the fundamental changes taking place in the security landscape. One of these changes is that inadequate security can’t be hidden anymore; the hackers’ armory is too deep and sophisticated and automated attack tools are constantly on the lookout for flaws to exploit. Bone says it takes only two and a half minutes after you plug in a smart camera or screw in a smart light bulb for an internet bot to compromise that device. Billions of connected devices span every inch of our economy and our lives, from supply chains and energy grids to connected cars.
That’s putting everyone under a microscope, from the top of the chain to the bottom. “Security has become an imperative for our customers,” says HP’s Balacheff. With the average U.S. breach costing $7 million and intensifying scrutiny from consumers and investors, it’s increasingly clear that C-suite execs must become involved in anticipating security threats.