HP study exposes cybersecurity gaps in device lifecycle, growing e-waste crisis
HP Inc. has released a new report that highlights the cybersecurity implications stemming from inadequate device security across their lifecycle.
The study, which surveyed over 800 IT and security decision-makers (ITSDMs) and more than 6,000 work-from-anywhere (WFA) employees, highlights critical vulnerabilities in endpoint devices, including PCs, laptops, and printers.
Key findings emphasise the need to prioritise hardware and firmware security to protect organisations from growing cyber threats, including attacks accelerated by artificial intelligence (AI).
The report outlined significant gaps across five stages of the device lifecycle, which include, supplier selection, onboarding and configuration, ongoing management, monitoring and remediation as well as second life and decommissioning.
The findings revealed that 34 per cent of organisations reported a cybersecurity audit failure by a PC, laptop, or printer supplier in the last five years, with 18 per cent terminating contracts over serious violations.
Also, 60 per cent of ITSDMs expressed concern over procurement teams excluding IT and security in supplier evaluations, leaving organisations exposed, while 53 per cent admitted to using weak or shared BIOS passwords, rarely updating them during the device’s lifespan.
Further findings show that Fear of Making Updates (FOMU) affects 57 per cent of ITSDMs, delaying firmware updates despite the rise of AI-accelerated threats, while 71 per cent believe work-from-anywhere models complicate platform security management.
Also, lost or stolen devices result in yearly costs of $8.6 billion, with 20 per cent of WFA employees reporting such incidents, while blind spots persist, with 63 per cent of ITSDMs struggling to detect hardware and firmware vulnerabilities.
The report also showed that data security concerns impede device recycling or repurposing, with 59 per cent opting to destroy old devices, contributing to the growing e-waste crisis.
The Chief Technologist for Security Research and Innovation at HP, Boris Balacheff, underscored the long-term implications of ignoring platform security.
Balacheff stated that device procurement is a critical security decision, noting that failure to integrate robust hardware and firmware security measures can leave organisations exposed for years.
The report recommended a lifecycle-focused approach to mitigate risks, which include enforcement of IT and security involvement in procurement decisions, implementing secure, zero-touch onboarding solutions and deploying tools for remote monitoring and prompt firmware updates.
Others are utilising advanced device tracking and data-wiping solutions as well as prioritising secure data erasure to enable recycling or donation.
On e-waste and ESG implication, the report emphasised that data security fears exacerbate environmental challenges.
Nearly 70 per cent of ITSDMs admitted to stockpiling reusable devices due to sanitisation concerns, with many opting for destruction over recycling.
The SVP of Operations at HP, Grant Hoffman, explained that proper data sanitisation is essential for both security and sustainability.
According to Hoffman, partnering with trusted IT asset disposition vendors can turn this challenge into an opportunity to meet compliance and ESG goals.
The HP Wolf Security’s findings called for a shift in mindset, stressing that organisations must address security holistically, from supplier audits to device decommissioning, to protect against evolving threats and reduce waste.
Related
Latest
Get the latest news delivered straight to your inbox every day of the week. Stay informed with the Guardian’s leading coverage of Nigerian and world news, business, technology and sports.
0 Comments
We will review and take appropriate action.