HP Wolf Security uncovers rising attacks on global hardware supply chain
A recent study by HP Wolf Security has revealed alarming insights into the vulnerability of business supply chains to nation-state threat actors.
The study found that 19 per cent of businesses globally have been impacted by such actors targeting physical supply chains, with a notably higher incidence of 29 per cent reported by United States (U.S.) businesses.
This growing threat underscores the critical need for organisations to ensure the integrity of their device hardware and firmware.
The survey was conducted by Censuswide on behalf of HP Inc. from February 22 to March 5, 2024, and included 803 IT and security decision-makers from the U.S., Canada, United Kingdom (UK), Japan, Germany, and France.
The study found that 35 per cent of organisations believe they or their associates have been affected by nation-state actors inserting malicious hardware or firmware into supply chains, while 91 per cent of respondents anticipate that nation-state actors will increasingly target physical supply chains to introduce malware or malicious components.
The study also showed that 63 per cent of those surveyed believe that the next significant nation-state attack will involve the poisoning of hardware supply chains.
The Principal Threat Researcher at HP Security Lab, Alex Holland, explained that system security relies on strong supply chain security, starting with the assurance that devices are built with intended components and haven’t been tampered with during transit.
Holland explained that if an attacker compromises a device at the firmware or hardware layer, they will gain unparalleled visibility and control.
The study has also raised organisational concerns on growing attention as 78 per cent of IT security decision-makers plan to increase their focus on software and hardware supply chain security with attackers becoming more adept at infecting devices during transit.
The study at highlighted verification challenges noting that 51 per cent are worried they cannot verify whether PC, laptop, or printer hardware and firmware have been compromised during transit.
The study also address the need for solutions as 77 per cent express a need for methods to verify hardware integrity to mitigate the risk of device tampering.
The study outlined recommendations as HP Wolf Security advises customers to adopt platform certificate technology, which a technology that helps verify hardware and firmware integrity upon device delivery.
The security firm also recommended customers secure firmware configuration, using tools like HP Sure Admin or HP Security Manager can help manage firmware settings securely as well as utilise vendor factory services to enable hardware and firmware security configurations directly from the factory.
The security firm further called for monitoring compliance to ensure ongoing compliance of device hardware and firmware configurations across the fleet.
Latest
Get the latest news delivered straight to your inbox every day of the week. Stay informed with the Guardian’s leading coverage of Nigerian and world news, business, technology and sports.
0 Comments
We will review and take appropriate action.