HP Innovation Journal Issue 14: Spring 2020 | Page 27

For a technologist with a questionable sense of
ethics, the offer is hard to resist: set your own
hours, work from home, earn a regular salary, and enjoy
an opportunity for infamy. From content creators at troll
farms, to network admins for botnets, jobs in criminal
gangs aren’t quite what they used to be.
Today, many illicit organizations look, and act, a lot like
their legitimate counterparts. In fact, some criminal groups
have gone so far as to hold their own business conferences. 1
This era of cybercrime professionalism is raising the stakes
for those maintaining computing systems. As threats enter
mass production and exploits become business as usual,
organizations of every size are fighting to keep pace. As a
result, more IT decisions are becoming security decisions—
such as selecting devices and IT equipment to purchase or
choosing partners to work with.
BUSINESS AS USUAL
As cybercriminal groups professionalize, they’re also
specializing. This shift to “as a service” criminality has created
a sophisticated ecosystem, where every attack can efficiently
employ best-of-breed services. As the business of hacking
evolves, it calls for an equally professional response. Constant
vigilance is arguably the foundation of cyber-resilience, but
not every organization can afford to have its own threat
intelligence team running 24/7. Even if everyone could afford
to build these specialist teams, the talent itself is in short
supply. Projections suggest there will be 3.5 million unfulfilled
cyber jobs by 2021. 2 For small- and medium-sized businesses,
this problem becomes even more acute. Machine learning
and cloud technology may be part of the solution, but they
are simultaneously helping cybercriminals scale their attacks
and expand their targets. According to the Verizon 2019 Data
Breach Investigations Report, 3 43% of cyberattacks now target
small businesses. Where once attacks targeted large, high-
profit organizations, attacks have now become cheap enough
to execute that criminals are moving down-market.
In the face of mounting threats and a growing talent gap,
it’s clear that most organizations cannot solve it all
in-house. Organizations of every size are looking to
partners and providers to help harden and future-proof
their operations. This is why HP has spent over two decades
investing in cybersecurity research, committing to long-
term innovation with a dedicated security research team
at HP Labs devoted to analyzing the threat landscape,
anticipating attack trends, and pursuing focused research to
design solutions to better protect customers at manageable
costs. We are also investing in expanding the security
talent across the organization, and recently accelerated that
with the acquisition of Bromium. Bromium has developed
advanced micro-virtualization technology that isolates
25