Report Reveals Cybersecurity Best, Worst Practices

By Doug Black

November 18, 2016

Looming behind the excitement at SC16 around new digital enterprise strategies is the growing menace of cyber-attacks. But in spite of these worries, the state of cybersecurity readiness at too many companies is woefully inadequate. 

That’s the finding of Bob Sorensen, research vice president, HPC Group, at industry watcher IDC delivered at the analyst group’s annual HPC Update breakfast at SC16 this week in Salt Lake City. Sorensen’s message: If your company has the characteristics of a cybersecurity “worst practitioner” (which tends to be among public utilities, hospitals and universities – manufacturers are generally “middle of the pack”), the time to adopt new cybersecurity strategies is now.

IDC conducted a study of cybersecurity at 62 large industries in the U.S. and Europe across the financial services, technology, manufacturing, retail, hospital and academic sectors. Here are excerpts of his comments:

The State of Cybersecurity

The key concerns that came out in our study: Most US companies are underprepared to deal with cybersecurity threats. Even though there are lots of good best practices, they’re only being conducted by a small number of leading-edge firms. On average, firms are not availing themselves of what’s readily available, and that’s a cause for concern.

Detecting a breach can take up to two years. That’s really a disturbing concept, that someone could be nosing around corporate data that’s not only unprotected, not just to steal data, but to change it. Data integrity is a concern, the idea that the data you’re using to make critical decisions in research or business process environments may not be the right data, it may have been changed for nefarious reasons. It’s one of the silent concerns.

idc-security-2-sc16

The Big Fear: Reputation Damage

One of the things we found with the Target breach, a very public intrusion, is that Target really didn’t take a huge financial hit on the actual intrusion itself. There was insurance in place, there was pushing off losses to the finance companies that Target deals with.

What we found, what really scares companies, isn’t the loss of dollars, it’s the loss of reputation, which brings with it a future loss of income that you simply cannot determine. Companies…can buy insurance for a particular hit, that’s a known quantity, but what they can’t do is figure out how that affects their line of business down the line. Which speaks in some sense to the idea that there’s probably a lot of cyber-attacks we’re not finding out about simply because it benefits these companies greatly to keep attacks under wraps as long as possible.

Malware Manners

We heard this time and again: malware people are conducing themselves in a very proper and organized manner. The thinking with a lot of them is…they don’t charge too much because they don’t want to kill the goose that laid the golden egg. (Malware practitioners think of it as) a very refined, respectable business to be in. You come in and say: ‘Give us some money and we’ll go away.’ You give them money and they do go away because if they don’t, no one’s going to give them more money. And if they ask for too much money there are going to be problems. So right now it’s a very genteel world out there for malware.

Conflicting Priorities: Security and Access

IDC's Bob Sorensen
IDC’s Bob Sorensen

There’s a major tradeoff between security and easy access (to the network and to data). It’s something every business has to deal with. We asked questions about balancing security and processes, and the underlying goal is: ‘We have to do both, we can’t sacrifice our business plan for our cybersecurity.’ We found time and again even among the best practitioners in data security: Job 1 is conducting business, and that process is king. This is handed down from the board of directors of the company, and then they tell cybersecurity teams, ‘Make us secure under this realm.’

Proliferating Points of Attack

Heterogeneity is a problem: the idea of ‘bring your own device,’ multiple operating systems, clouds. There are lots and lots of end points out there, lots of way to enter a network, and these are things cybersecurity folks are definitely worried about.

We talked to the cybersecurity chief at Nike, he said he has 59 (network) access points to worry about every day because he has to make everyone who gets on the Nike website, who wants to look at the new and latest sneaker, has access, can order, can conduct business. That’s his job, and he has to work within those confines.

There is increasing access from the network edges. The one I would point out is suppliers. Supply chain issues I think are really interesting. More and more large industrial companies are increasingly tied electronically to their supply chain, and that is a real vulnerability….

Worst Practices: Wait and See

A lot of the worst practitioners really just buy insurance…. The worst practitioners time after time said, ‘We have the best tools, life has got to be good.’ The story we like to repeat: the companies that seem to be most sanguine with their cybersecurity infrastructure say: ‘We’ve never been hit before so we must be doing something right.’ They weren’t terribly forward looking when it came to actually making sure they were more secure….

Everybody (in the survey) had data breach plans, but… a lot of them were not IT-related. The thinking wasn’t to gather up forensics and figure out how to plug holes. It was how to deal with the publicity aspect, the legal aspects, the privacy concerns, the possibility of getting sued. This surprised us….

Best Practices: People vs. People

One thing we found is that the best practitioners see this as a people vs people battle. This is not a tool war where as long as you have the best software, as long as you roll out the patches when you’re supposed to, then life is good. It’s really about finding, hiring and retaining the best people to go after the people who are trying to get at you.

Best Practices: Be Proactive

An interesting concept that we see is that proactive cybersecurity team think in terms of educating the user base within their companies. They’re not just sitting back and making sure the patches are installed and making sure everyone changes their password every six months. It’s really more about reaching out…to the individual people within firms and making sure they understand their roles.

For example, one company closely watches social media. And they look for key events that they think could trigger a phishing attack. When it became known that Prince had died, they sent out an email to their entire company saying there’s a good chance you’re going to get an email in the next 24 hours asking if you want to see the Prince tribute video. So the idea is to proactively get employees to be aware of what their responsibilities are.

Another story we heard is about companies buying stolen credit card numbers. Not because they want to get involved in law enforcement but because it’s cheaper to buy stolen credit card numbers and put them in your database. So if someone tries to buy something with a stolen number you can kick them out. It’s an interesting, proactive way to do this.

So the good cybersecurity team isn’t waiting for problems, it’s going after solving them before they happen.

idc-security-best-practices-sc16

Data Scientists and Cybersecurity

Most companies aren’t using Big Data (for cybersecurity purposes) in the sense that we in the HPC community think about Big Data… When we asked companies why they weren’t using Big Data, they said they can’t find Big Data scientists who know how to do cybersecurity.

And when we went to companies that have lines of business that use smart data scientists, they said, ‘Yeah, they’re over there contributing to the bottom line of the company. We can’t bring them over to cybersecurity, they’re going to stay over there making money for the company.’

Virtual Cybersecurity Data Science

What I see in the future is really where HPC comes into play here. The goal for a lot of cybersecurity teams is real-time intrusion detection. They want to have a dashboard that tells them something odd has happened in the network. And a lot of folks think that deep learning – the idea that you have a system that monitors the steady state of the network and rises to the attention of humans where something has gone awry.

We’re going to see more efforts for high powered systems and deep learning to do real-time monitoring…almost as a way to get companies out of having to find data scientists. This might be an ultimate method toward dealing with cybersecurity… It’s something the HPC world is going to be involved in much more going forward.

Subscribe to HPCwire's Weekly Update!

Be the most informed person in the room! Stay ahead of the tech trends with industy updates delivered to you every week!

SC22 Unveils ACM Gordon Bell Prize Finalists

August 12, 2022

Courtesy of the schedule for the SC22 conference, we now have our first glimpse at the finalists for this year’s coveted Gordon Bell Prize. The Gordon Bell Prize, of course, comes with an award of $10,000 courtesy of H Read more…

Q&A with ORNL’s Bronson Messer, an HPCwire Person to Watch in 2022

August 12, 2022

HPCwire presents our interview with Bronson Messer, distinguished scientist and director of Science at the Oak Ridge Leadership Computing Facility (OLCF), ORNL, and an HPCwire 2022 Person to Watch. Messer recaps ORNL's journey to exascale and sheds light on how all the pieces line up to support the all-important science. Also covered are the role... Read more…

TACC Simulations Probe the First Days of Stars, Black Holes

August 12, 2022

The stunning images produced by the James Webb Space Telescope and recent supercomputer-enabled black hole imaging efforts have brought the early days of the universe quite literally into sharp focus. Researchers from th Read more…

Google Program to Free Chips Boosts University Semiconductor Design

August 11, 2022

A Google-led program to design and manufacture chips for free is becoming popular among researchers and computer enthusiasts. The search giant's open silicon program is providing the tools for anyone to design chips, which then get manufactured. Google foots the entire bill, from a chip's conception to delivery of the final product in a user's hand. Google's... Read more…

Argonne Deploys Polaris Supercomputer for Science in Advance of Aurora

August 9, 2022

Argonne National Laboratory has made its newest supercomputer, Polaris, available for scientific research. The system, which ranked 14th on the most recent Top500 list, is serving as a testbed for the exascale Aurora system slated for delivery in the coming months. The HPE-built Polaris system (pictured in the header) consists of 560 nodes... Read more…

AWS Solution Channel

Shutterstock 1519171757

Running large-scale CFD fire simulations on AWS for Amazon.com

This post was contributed by Matt Broadfoot, Senior Fire Strategy Manager at Amazon Design and Construction, and Antonio Cennamo ProServe Customer Practice Manager, Colin Bridger Principal HPC GTM Specialist, Grigorios Pikoulas ProServe Strategic Program Leader, Neil Ashton Principal, Computational Engineering Product Strategy, Roberto Medar, ProServe HPC Consultant, Taiwo Abioye ProServe Security Consultant, Talib Mahouari ProServe Engagement Manager at AWS. Read more…

Microsoft/NVIDIA Solution Channel

Shutterstock 1689646429

Gain a Competitive Edge using Cloud-Based, GPU-Accelerated AI KYC Recommender Systems

Financial services organizations face increased competition for customers from technologies such as FinTechs, mobile banking applications, and online payment systems. To meet this challenge, it is important for organizations to have a deep understanding of their customers. Read more…

US CHIPS and Science Act Signed Into Law

August 9, 2022

Just a few days after it was passed in the Senate, the U.S. CHIPS and Science Act has been signed into law by President Biden. In a ceremony today, Biden signed and lauded the ambitious piece of legislation, which over the course of the legislative process broadened to include hundreds of billions in additional science and technology spending. He was flanked by Speaker... Read more…

Q&A with ORNL’s Bronson Messer, an HPCwire Person to Watch in 2022

August 12, 2022

HPCwire presents our interview with Bronson Messer, distinguished scientist and director of Science at the Oak Ridge Leadership Computing Facility (OLCF), ORNL, and an HPCwire 2022 Person to Watch. Messer recaps ORNL's journey to exascale and sheds light on how all the pieces line up to support the all-important science. Also covered are the role... Read more…

Google Program to Free Chips Boosts University Semiconductor Design

August 11, 2022

A Google-led program to design and manufacture chips for free is becoming popular among researchers and computer enthusiasts. The search giant's open silicon program is providing the tools for anyone to design chips, which then get manufactured. Google foots the entire bill, from a chip's conception to delivery of the final product in a user's hand. Google's... Read more…

Argonne Deploys Polaris Supercomputer for Science in Advance of Aurora

August 9, 2022

Argonne National Laboratory has made its newest supercomputer, Polaris, available for scientific research. The system, which ranked 14th on the most recent Top500 list, is serving as a testbed for the exascale Aurora system slated for delivery in the coming months. The HPE-built Polaris system (pictured in the header) consists of 560 nodes... Read more…

US CHIPS and Science Act Signed Into Law

August 9, 2022

Just a few days after it was passed in the Senate, the U.S. CHIPS and Science Act has been signed into law by President Biden. In a ceremony today, Biden signed and lauded the ambitious piece of legislation, which over the course of the legislative process broadened to include hundreds of billions in additional science and technology spending. He was flanked by Speaker... Read more…

12 Midwestern Universities Team to Boost Semiconductor Supply Chain

August 8, 2022

The combined stressors of Covid-19 and the invasion of Ukraine have sent every major nation scrambling to reinforce its mission-critical supply chains – including and in particular the semiconductor supply chain. In the U.S. – which, like much of the world, relies on Asia for its semiconductors – those efforts have taken shape through the recently... Read more…

Quantum Pioneer D-Wave Rings NYSE Bell, Begins Life as Public Company

August 8, 2022

D-Wave Systems, one of the early quantum computing pioneers, has completed its SPAC deal to go public. Its merger with DPCM Capital was completed last Friday, and today, D-Wave management rang the bell on the New York Stock Exchange. It is now trading under two ticker symbols – QBTS and QBTS WS (warrant shares), respectively. Welcome to the public... Read more…

Supercomputer Models Explosives Critical for Nuclear Weapons

August 6, 2022

Lawrence Livermore National Laboratory (LLNL) is one of the laboratories that operates under the auspices of the National Nuclear Security Administration (NNSA), which manages the United States’ stockpile of nuclear weapons. Amid major efforts to modernize that stockpile, LLNL has announced that researchers from its own Energetic Materials Center... Read more…

SEA Changes: How EuroHPC Is Preparing for Exascale

August 5, 2022

Back in June, the EuroHPC Joint Undertaking – which serves as the EU’s concerted supercomputing play – announced its first exascale system: JUPITER, set to be installed by the Jülich Supercomputing Centre (FZJ) in 2023. But EuroHPC has been preparing for the exascale era for a much longer time: eight months... Read more…

Nvidia R&D Chief on How AI is Improving Chip Design

April 18, 2022

Getting a glimpse into Nvidia’s R&D has become a regular feature of the spring GTC conference with Bill Dally, chief scientist and senior vice president of research, providing an overview of Nvidia’s R&D organization and a few details on current priorities. This year, Dally focused mostly on AI tools that Nvidia is both developing and using in-house to improve... Read more…

Royalty-free stock illustration ID: 1919750255

Intel Says UCIe to Outpace PCIe in Speed Race

May 11, 2022

Intel has shared more details on a new interconnect that is the foundation of the company’s long-term plan for x86, Arm and RISC-V architectures to co-exist in a single chip package. The semiconductor company is taking a modular approach to chip design with the option for customers to cram computing blocks such as CPUs, GPUs and AI accelerators inside a single chip package. Read more…

The Final Frontier: US Has Its First Exascale Supercomputer

May 30, 2022

In April 2018, the U.S. Department of Energy announced plans to procure a trio of exascale supercomputers at a total cost of up to $1.8 billion dollars. Over the ensuing four years, many announcements were made, many deadlines were missed, and a pandemic threw the world into disarray. Now, at long last, HPE and Oak Ridge National Laboratory (ORNL) have announced that the first of those... Read more…

US Senate Passes CHIPS Act Temperature Check, but Challenges Linger

July 19, 2022

The U.S. Senate on Tuesday passed a major hurdle that will open up close to $52 billion in grants for the semiconductor industry to boost manufacturing, supply chain and research and development. U.S. senators voted 64-34 in favor of advancing the CHIPS Act, which sets the stage for the final consideration... Read more…

Top500: Exascale Is Officially Here with Debut of Frontier

May 30, 2022

The 59th installment of the Top500 list, issued today from ISC 2022 in Hamburg, Germany, officially marks a new era in supercomputing with the debut of the first-ever exascale system on the list. Frontier, deployed at the Department of Energy’s Oak Ridge National Laboratory, achieved 1.102 exaflops in its fastest High Performance Linpack run, which was completed... Read more…

Newly-Observed Higgs Mode Holds Promise in Quantum Computing

June 8, 2022

The first-ever appearance of a previously undetectable quantum excitation known as the axial Higgs mode – exciting in its own right – also holds promise for developing and manipulating higher temperature quantum materials... Read more…

AMD’s MI300 APUs to Power Exascale El Capitan Supercomputer

June 21, 2022

Additional details of the architecture of the exascale El Capitan supercomputer were disclosed today by Lawrence Livermore National Laboratory’s (LLNL) Terri Read more…

PsiQuantum’s Path to 1 Million Qubits

April 21, 2022

PsiQuantum, founded in 2016 by four researchers with roots at Bristol University, Stanford University, and York University, is one of a few quantum computing startups that’s kept a moderately low PR profile. (That’s if you disregard the roughly $700 million in funding it has attracted.) The main reason is PsiQuantum has eschewed the clamorous public chase for... Read more…

Leading Solution Providers

Contributors

ISC 2022 Booth Video Tours

AMD
AWS
DDN
Dell
Intel
Lenovo
Microsoft
PENGUIN SOLUTIONS

Exclusive Inside Look at First US Exascale Supercomputer

July 1, 2022

HPCwire takes you inside the Frontier datacenter at DOE's Oak Ridge National Laboratory (ORNL) in Oak Ridge, Tenn., for an interview with Frontier Project Direc Read more…

AMD Opens Up Chip Design to the Outside for Custom Future

June 15, 2022

AMD is getting personal with chips as it sets sail to make products more to the liking of its customers. The chipmaker detailed a modular chip future in which customers can mix and match non-AMD processors in a custom chip package. "We are focused on making it easier to implement chips with more flexibility," said Mark Papermaster, chief technology officer at AMD during the analyst day meeting late last week. Read more…

Intel Reiterates Plans to Merge CPU, GPU High-performance Chip Roadmaps

May 31, 2022

Intel reiterated it is well on its way to merging its roadmap of high-performance CPUs and GPUs as it shifts over to newer manufacturing processes and packaging technologies in the coming years. The company is merging the CPU and GPU lineups into a chip (codenamed Falcon Shores) which Intel has dubbed an XPU. Falcon Shores... Read more…

Nvidia, Intel to Power Atos-Built MareNostrum 5 Supercomputer

June 16, 2022

The long-troubled, hotly anticipated MareNostrum 5 supercomputer finally has a vendor: Atos, which will be supplying a system that includes both Nvidia and Inte Read more…

India Launches Petascale ‘PARAM Ganga’ Supercomputer

March 8, 2022

Just a couple of weeks ago, the Indian government promised that it had five HPC systems in the final stages of installation and would launch nine new supercomputers this year. Now, it appears to be making good on that promise: the country’s National Supercomputing Mission (NSM) has announced the deployment of “PARAM Ganga” petascale supercomputer at Indian Institute of Technology (IIT)... Read more…

Is Time Running Out for Compromise on America COMPETES/USICA Act?

June 22, 2022

You may recall that efforts proposed in 2020 to remake the National Science Foundation (Endless Frontier Act) have since expanded and morphed into two gigantic bills, the America COMPETES Act in the U.S. House of Representatives and the U.S. Innovation and Competition Act in the U.S. Senate. So far, efforts to reconcile the two pieces of legislation have snagged and recent reports... Read more…

AMD Lines Up Alternate Chips as It Eyes a ‘Post-exaflops’ Future

June 10, 2022

Close to a decade ago, AMD was in turmoil. The company was playing second fiddle to Intel in PCs and datacenters, and its road to profitability hinged mostly on Read more…

Exascale Watch: Aurora Installation Underway, Now Open for Reservations

May 10, 2022

Installation has begun on the Aurora supercomputer, Rick Stevens (associate director of Argonne National Laboratory) revealed today during the Intel Vision event keynote taking place in Dallas, Texas, and online. Joining Intel exec Raja Koduri on stage, Stevens confirmed that the Aurora build is underway – a major development for a system that is projected to deliver more... Read more…

  • arrow
  • Click Here for More Headlines
  • arrow
HPCwire