HPE infrastructure technologies and services help enterprises accelerate time to value from their data and applications. Enterprises use our servers, storage systems, and network access products to deploy and manage mission-critical workloads on-premises and in hybrid cloud environments.

In this paper, Jaikumar Vijayan explains how HPE protects the apps and data of our customers. Our approach begins at the silicon and firmware layers and flows through the supply chain, manufacturing processes, development environment, hardware, data centers, and the cloud.

The organizations we serve are under increasing pressure from customers, consumers, and regulators to secure their digital infrastructure against compromise and disruption. Attacks have become more sophisticated, threat actors are getting smarter and well organized, and the effects of information security failures have become far more consequential in terms of information and financial losses.

In 2016, cyber-attacks cost businesses worldwide $450 billion in losses. More than two billion personal records were stolen worldwide. Losses stemming from cybercrime will top $6 trillion by 2021 according to a 2016 report from Cybersecurity Ventures. These losses included data destruction and theft, lost productivity, loss of intellectual property, theft of financial and personal data, breach remediation costs, and reputational damage.

The average costs to businesses from cybercrime increased from $3.8 million in 2015 to $4 million in 2016 according to research by the Ponemon Institute. More innovative companies tended to bear higher losses: $9.5 million on average in 2016.

Cyber-attacks are no longer targeted only at the OS and applications. Attacks are also happening at the database, firmware, kernel, and hardware level. Firmware-level attacks are a particular problem. In most modern hardware, millions of lines of firmware run before the OS even boots. Adversaries that manage to inject even a couple of lines of malicious code into firmware in the supply chain, at runtime, or via physical access can steal data, create denial of service conditions, or compromise the integrity of the entire system.