Both HP and IBM came to market when security was the responsibility of the manufacturer, but Dell and most of the PC wave came to market with the belief that security was someone else’s job. In the early 2000s, Microsoft realized that this view was problematic because it reflected badly on Microsoft and was damaging their brand. So Microsoft pivoted hard to be more like those earlier firms and made security a high priority. Lenovo took security seriously because it merged with two large IBM units that, due to their parentage, also believed that security is serious.
While Dell builds security products, two things happened this month that drove home the point that HP and Dell are at opposite ends of the security spectrum, at least with regard to PCs. HP released and briefed on its quarterly security report, identifying rising threats that are putting its customers at risk and pivoting its efforts to protect customers aggressively from these threats. Meanwhile, Dell had a breach of customer information and kind of said “don’t worry about it,” which was totally irresponsible from my perspective as a former owner of security for my division at IBM and as a former security auditor and analyst.
Breaches can happen to anyone, but the breached firm has a duty to inform its customers of the true risk so they can protect themselves. That is not what happened here.
Let’s talk about the risks HP’s Wolf Security Unit has identified and why HP continues to lead on PC security while Dell is lagging really badly in this area.
HP Wolf Warnings
HP’s Wolf Security Unit is unique in the market. It’s the reason I rank HP at the top in terms of mitigating PC threats. One of the interesting things HP shared is that security protection tools have been working so well that attackers have had to get more creative and leverage employee mistakes more aggressively to breach sites. While HP had believed that repetitive training was the right way to mitigate employee threats, it has changed its mind. After talking with them, I’ve changed mine as well because employees, even those who are well trained, continue to be tricked into sharing information, clicking on links, and opening attachments that shouldn’t be trusted regardless of that training. In short, attackers have figured out how to get around the training, so it is no longer effective.
It used to be that attackers would send compromised files like PDFs, which are now easily detected and blocked by a variety of security products running on email gateways and on PCs. But they have gotten more creative. Now they send clean PDFs that look like they came from trusted sources and that contain links to archives. These result in a download of yet another file and contain a link to a compromised or bogus website, using something like WikiLoader to infect the client hardware.
In the past, one click could get you into trouble. Now it takes around four clicks, but instead of this making people safer, people are clicking all four times and bypassing protections to infect their machines. It is also interesting to note that attackers are leaving you and me alone, at least for now, and just targeting those likely to have permissions that allow them access to corporate funds and resources. In other words, they are focusing on big scores and leaving the small scores alone.
Currently, HP’s research shows that 12% of email threats are easily bypassing multiple levels of existing email tools. 11% of threats continue to come from PDFs, suggesting extra care when opening one and particularly when considering clicking a link in one of those files. 28% of threats are being downloaded from archives by employees who are totally unaware that this process bypasses security checks, and the majority of threats, 53%, are coming from email. Too often these threats are hosted on trusted services like Discord, meaning that even if a file appears to be coming from a known service like Discord, it may not be safe. Boy, Discord has been in the news a lot, and not in a good way.
Wrapping Up:
I tend to take security very seriously because of my background, but given the current threat landscape, where we have hostile states and ever more capable criminal organizations with deep pockets creating ever more capable skills and tools to breach companies and individuals, I wonder if even I take it seriously enough.
HP does. Its Wolf Security has ramped up a unique capability that better protects users from threats like this. Dell has yet to make a similar pivot and appears to still be acting like security is your problem, not everyone’s problem.
Rather than differentiating on security, I think the industry should be working together to make our world safer for everyone, including their own employees. Until or unless that ever happens, HP has once again set the bar for how PC and device security should be treated, while Dell appears to have missed that meeting. Again.