HP Wolf Security study reveals that 1 in 4 companies in France are affected by cyberattacks on their IT hardware supply chains – Global Security Mag Online

HP Inc. presents global survey results that indicate growing concern about nation-state threat actors targeting corporate supply chains and compromising the integrity of device hardware and firmware. A survey of 800 IT decision makers and enterprise security managers highlights the need for embedded hardware and firmware integrity, in a context where attacks on supply chains and device corruption attempts are likely to increase.

The main decisions for the French market are as follows:

One in four organizations (26%) say they have been affected by state/nation threats targeting the supply chains of desktop PCs, laptops or printers.

Almost half (47%) of the organizations surveyed believe that they or other companies they know have already been affected by nation-state cyber attacks targeting supply chains. Attacks were aimed at trying to introduce malware or corrupt components into devices.

91% believe that this type of attack could happen especially for PCs, laptops or printers in their IT equipment.

Nearly two-thirds (58%) of respondents predict that the next major nation-state attack will involve breaking into hardware supply chains to introduce malware .

“The security of systems depends on the security of the supply chain. To prevent risks, it is a matter of ensuring that the components of the devices have not been changed during transport. If a hacker puts a device at risk” At the level firmware or hardware, he will have perfect visibility and control over everything that is happening on that device. Imagine what it would be like if it happened on a CEO’s laptop,” said Alex Holland.

“These types of attacks are difficult to detect because most security tools focus on the operating system level. Those attacks that are able to get hold under the operating system are very complicated to eliminate. The work of IT security teams is very complicated then, continues.

Given the magnitude of the challenge, 83% of IT decision makers in France say that the security of the software and hardware supply chain will be one of their priorities.

The survey reveals that businesses are concerned that they do not have enough visibility and are not equipped to protect against these threats to the equipment supply chain. In France, almost half (47%) of IT decision-makers cannot check whether the hardware and firmware of desktop PCs, laptops or printers have been changed during transport. As a result, 78% say they need a way to verify hardware integrity to reduce the risk of tampering with devices.

“In this context of threats, security management in a hybrid work environment must begin by ensuring that devices at lower levels have not been compromised. That’s why HP offers PCs and printers with hardware and firmware security basics designed to be resilient. enabling businesses to manage, monitor and restore hardware and firmware security throughout the life of devices, across the entire IT fleet”, said Boris Balacheff, Chief Technologist for Security Research and Innovation at HP Inc. Security Lab.

Recognizing these risks, the HP Wolf Security team recommends that customers take the following steps to proactively manage the security of devices and their firmware, starting at the manufacturing plant:

Adopt Platform Certification technology, designed to verify the integrity of hardware and firmware when the device is delivered.

Securely manage device configurations and their firmware using technologies such as HP Sure Admin (for PCs), or HP Security Manager (Support). These solutions allow administrators to remotely manage firmware using public key encryption, avoiding the need for less secure password-based approaches.

Use vendor factory services to enable hardware and firmware security configuration from the factory, such as HP Tamper Lock, Sure Admin, or Sure Recover technologies.

Check the permanent compliance of the hardware and firmware configuration of the IT equipment.

About the data

The survey was conducted by Censuswide for HP Inc. from February 22 to March 5, 2024. It is based on a survey of 803 IT and security decision-makers in the United States, Canada, the United Kingdom, Japan, Germany and France. The survey was conducted online.