Oracle CEO: I go through each day not wanting to get 'the call'
Security

Oracle CEO: I go through each day not wanting to get 'the call'

Everyone from bedroom hackers to nation states is trying to hack Oracle, its chief executive officer Mark Hurd has told Computerworld.

“As you can imagine I go through the day not wanting to have the call that somebody’s hacked us,” Hurd said at a media roundtable at the company’s OpenWorld conference in San Francisco last month.

Asked exactly who was attempting to breach the company’s cyber defences, Hurd said: “Virtually everyone; from someone that’s in their pyjamas in their basement, to a nation state.”

In recent years, determining the origins of attacks has become “much more difficult to deal with” if not impossible Hurd explained, due to a “blurring of the lines between good guys and bad guys”.

“It used to be we could see the metadata signature – if you went back four or five years ago – and say ‘ah that’s coming from these guys’. Now many people working for one actor in a nation state, have been recruited to another actor. They use the signatures from the place they came from but they’re actually employed somewhere else,” he said.

The landscape of malicious actors has changed considerably in the last few years Hurd added, and they posed a greater threat than ever before.

“We’re investing in the United States in aircraft carriers, and they’re expensive it turns out — turns out it costs $2.5 billion to build an aircraft carrier — but get 15 guys together and you can have a cyber squad, maybe just as dangerous if not more than an aircraft carrier,” he told Computerworld.

Patch already

It is not surprising that Oracle, and its products, are prime targets for hackers. The company has not always responded well to those trying to find gaps and bugs in its software.

Read more: Oracle's quest to make blockchain disappear completely

In 2015, Oracle chief security officer Mary Ann Davidson posted a rant against customers “reverse engineering our code to attempt to find security vulnerabilities in it”. The post – which included the line “please comply with your license agreement and stop reverse engineering our code, already” – was up for less than 24 hours before it was deleted.

One of the biggest risks Oracle customers run around unwarranted access to their systems is a result of failing to patch in a timely fashion.

Oracle’s Enterprise Resource Planning (ERP) software, for example, “holds the crown jewels” for the thousands of businesses that use it. According to a July report from Digital Shadows and Onapsis, Oracle ERP vulnerabilities have been steadily growing in number over the last 10 years.

The report noted that “systems are often left unpatched for years in the name of operational availability”.

Read more: Oracle apps make blockchain easier, but consortium challenges remain

Transfer the risk

Oracle is hoping to fill those gaping holes with its new Autonomous Database product which uses machine learning to automatically upgrade, patch, and tune as it runs; and automates security updates with no downtime window required.

Not having to find appropriate times to implement patches is significant for businesses, Hurd said.

“It’s just limitless and it doesn’t take much to pull up a website and find out where the patches are, to find out what’s been patched and to know what the windows are, and if you’ve got a computer and your technically competent you’re in business,” he said.

Read more: Former Apple Russia chief to lead Oracle A/NZ, as MD exits

Adoption of autonomous patching products like Autonomous Database “transfers the risk” to Oracle, Hurd explained.

“It’s not a great job when you’re a CEO, people write things about you and if you get hacked and you lose important data, particularly customer data this is very difficult. So I not only need to look for security I also need to offload the risk,” he said.

“The risk, and by the way the cost of the risk, transfers in some respects from the customer to us. Not all the risk because you selected us so you still have some risk in that process, but certainly less than what you had before. And we’re now going to take on the job of fighting the bad guys and in general we’re going to do that a whole lot better than any individual company’s going to,” Hurd said.

“It’s a big differentiator,” he added.

@georgepnott

The author travelled to Oracle OpenWorld as a guest of Oracle.

PREVIOUS ARTICLE

« Google Cloud launches AI Hub to simplify machine learning deployment

NEXT ARTICLE

Parallels Desktop 14 for Mac review: Supercharged virtualization has arrived »
author_image
IDG Connect

IDG Connect tackles the tech stories that matter to you

  • Mail

Recommended for You

How to (really) evaluate a developer's skillset

Adrian Bridgwater’s deconstruction & analysis of enterprise software

Unicorns are running free in the UK but Brexit poses a tough challenge

Trevor Clawson on the outlook for UK Tech startups

Cloudistics aims to trump Nutanix with 'superconvergence' play

Martin Veitch's inside track on today’s tech trends

Poll

Is your organization fully GDPR compliant?