29 September 2024, Sun |
9:30 PM
HP Inc. (NYSE: HPQ) has unveiled the results of a new global survey that highlights increasing worries among businesses about nation-state threat actors targeting physical supply chains to compromise device hardware and firmware. The study, which involved 800 IT and security decision-makers, underscores the urgent need for organizations to focus on maintaining hardware and firmware integrity to combat the rising threat of tampering.
The survey reveals that nearly 20% of organizations have been affected by attacks targeting physical supply chains for PCs, laptops, or printers, with this figure climbing to 29% in the US. Furthermore, over one-third of respondents (35%) believe that their organizations or those they know have already fallen victim to such attacks, where malicious hardware or firmware was inserted into devices. A staggering 91% of participants expect that nation-state actors will continue to target supply chains to insert malware or malicious components into hardware or firmware, with almost two-thirds (63%) predicting that the next major attack will involve poisoning hardware supply chains.
Alex Holland, Principal Threat Researcher at HP Security Lab, comments, “System security relies heavily on strong supply chain security. If an attacker compromises a device at the firmware or hardware level, they gain unprecedented visibility and control over the machine.” Holland also points out the difficulty in detecting such attacks, as they often occur below the operating system level, making them challenging to remove and remediate.
The study indicates that 78% of IT and security decision-makers anticipate increasing their focus on software and hardware supply chain security due to the growing threat of infections during device transit. Many organizations are concerned about their ability to detect tampering, with 51% expressing doubts about verifying whether PC, laptop, or printer hardware and firmware have been compromised. Additionally, 77% acknowledge the need for robust methods to verify hardware integrity and mitigate tampering risks.
Boris Balacheff, Chief Technologist for Security Research and Innovation at HP Inc. Security Lab, highlights HP’s commitment to addressing these concerns: “HP is focused on delivering PCs and printers with leading hardware and firmware security features designed to ensure resilience and manage device security throughout their lifecycle.”
HP Wolf Security recommends several steps for businesses to proactively manage hardware and firmware security:
– Adopt Platform Certificate Technology: This enables verification of hardware and firmware integrity upon delivery.
– Secure Firmware Management: Use technologies like HP Sure Admin and HP Security Manager for remote firmware management with cryptographic security.
– Leverage Vendor Factory Services: Utilize services such as HP Tamper Lock and Sure Recover to ensure secure configurations from the factory.
– Monitor Compliance: Continuously check the hardware and firmware configurations of devices across your fleet.
As organizations face evolving cyber threats, HP’s proactive approach aims to enhance resilience and safeguard against supply chain vulnerabilities.
