The importance of the endpoint in enterprise security
HP is working to make the machines themselves more resilient to protect against threats. Part of the problem is the lack of isolation between different functions within the computer.
01 September 2025
“The endpoint is where devices with software vulnerabilities and fallible human users converge,” says Ian Pratt, Global Head of Security for HP Personal Systems. “Because of this, more than 70% of breaches occur via the endpoint, usually by clicking on a phishing link.”
The development of phishing
Hybrid work has made the endpoint even more vulnerable. Studies have shown that users are more likely to click on phishing links when they are at home compared to the office. The bad actors know this and adapt their lures accordingly. When a user’s machine is compromised, the attackers have more time to work through the system before anyone notices.
Massive ransom payments encourage bad actors to continue investing in their technology and attacking on a large scale. As a result, attacks are becoming increasingly sophisticated because there is a lot of money to be made.
“Moreover, machine learning has benefits for both attackers and defenders, and it is interesting to see how the battle progresses,” says Pratt. “Bad actors, for example, look for key people in an organisation and figure out how to personalise phishing links to lure them.” Thanks to AI, this research is much easier and faster to do. AI also helps cybercriminals change their tools, making their detection even more complex.
“Large language model chatbots can be socially engineered and deceived just like human operators. Even supervised chatbots can be tricked. Some of these bots handle highly sensitive information, making rigorous security and privacy controls all the more essential.” At the same time, the security industry has also been using machine learning in its defence. Computers are now designed with neural processing units (NPUs) in addition to the central processing unit and the graphics processing unit. An NPU allows AI models to operate more efficiently, enabling better and more responsive threat detection.
Isolation without detection
To improve endpoint security, HP has implemented a very interesting solution. “Most software products operate by detection, but it’s much more complicated than that to solve,” says Pratt. “Indeed, false positives and false negatives are common, and bad actors have their own testing labs where they create malware capable of bypassing security software. Although products are frequently updated, there is a period of exposure where they are vulnerable, and during this period, malicious bad actors will attack organisations at the top of their target list.”
HP is working to make the machines themselves more resilient to protect against threats. Part of the problem is the lack of isolation between different functions within the computer. For example, when a user clicks on a chat video containing malware, it spreads through their machine, and their bank account is emptied.
“But there is a solution,” says Pratt. “We’ve looked at methods to integrate isolation into existing systems so that each task performed is isolated from the others. This is done by creating ‘disposable’ virtual machines on physical machines. Every time a user performs a risky activity, such as clicking on a link or inserting a USB key, a virtual machine is created solely for that task, and when the task is completed, the machine is ‘disposed of’. This way, if a compromising link tricks your antivirus software, malicious actors cannot access anything else on your machine, and the threat is automatically contained.” “Our customers have already performed 55 billion risky activities in disposable virtual machines, with no reported escapes so far in the real world. Isolation creates a much better security posture, which is why we are now integrating it into our machines so that every customer can benefit from it,” says Pratt.
The future of security
Ensuring the privacy of applications and data even if a user’s endpoint is compromised creates a new level of security. Addressing the problem from a hardware perspective and examining the architecture, rather than retrofitting the software, is a critical strategy for making changes and moving the online world to a more secure foundation.
Beyond combating current cyber attacks, quantum computing is another area for which HP’s security teams are preparing. Pratt predicts that within less than a decade, a large quantum computer will be successfully built. These computers will be able to perform certain tasks, such as decoding complex algorithms, much faster than regular computers. Other computing equipment, such as printers, will also be affected. Much of the cryptography used in banking transactions and other highly secure online functions already relies on these algorithms.
“At HP, we are already looking at how and where highly confidential and secret information will be stored in 10 or 20 years. We need to start transitioning to cryptographic methods that cannot be cracked using a quantum computer capable of factoring large numbers. Hardware (personal systems and printing solutions) as well as software represent a challenge, as anything embedded in hardware is set in stone and cannot be updated,” says Pratt. “For this reason, we have become early adopters of quantum-resistant cryptography in our machines, so that the hardware algorithms used to boot the system and perform other essential functions will remain secure. HP is at the forefront of the industry in this area and predicts that it will soon become a requirement for certain sectors to have quantum-resistant cryptography. No organisation wants to have to announce that all of its computers and servers are vulnerable. This is a problem to be taken seriously and will happen sooner than we think,” concludes Pratt.