A brand new report from HP Wolf Safety has highlighted the rising hazard from risk actors concentrating on bodily system provide chains with 19% of organizations saying they’ve been impacted by nation-state risk actors concentrating on bodily PC, laptop computer or printer provide chains.
Of the 800 IT and safety choice makers surveyed, nearly all (91%) imagine nation-state risk actors will goal bodily PC, laptop computer or printer provide chains to insert malware or malicious parts into {hardware} and/or firmware.
In the meantime, over a 3rd (35%) of organizations mentioned that they or others they know have already been impacted by nation-state risk actors concentrating on provide chains to attempt to insert malicious {hardware} or firmware into gadgets.
“System safety depends on sturdy provide chain safety, beginning with the peace of mind that gadgets are constructed with the supposed parts and haven’t been tampered with within the manufacturing unit or throughout transit,” commented Alex Holland, Principal Risk Researcher within the HP Safety Lab.
“If an attacker compromises a tool on the firmware or {hardware} layer, they’ll achieve unparalleled visibility and management over all the things that occurs on that machine. Simply think about what that might appear like if it occurs to the CEO’s laptop computer,” he mentioned.
Round two-thirds (63%) of safety leaders surveyed additionally imagine that the subsequent main nation-state assault will contain poisoning {hardware} provide chains to insert malware.
How you can Handle {Hardware} and Firmware Safety
HP Wolf Safety has suggested prospects to take the next steps to assist proactively handle system {hardware} and firmware safety:
- Undertake Platform Certificates expertise, that is designed to allow verification of {hardware} and firmware integrity upon system supply
- Securely handle firmware configuration of gadgets
- Benefit from vendor manufacturing unit companies to allow {hardware} and firmware safety configurations proper from the manufacturing unit
- Monitor ongoing compliance of system {hardware} and firmware configuration throughout your fleet of gadgets
The HP Wolf Safety survey was carried out from February 22 to March 5, 2024. It’s primarily based on a survey of 803 IT and safety decision-makers within the US, Canada, UK, Japan, Germany and France. The survey was carried out on-line.
HP Wolf Safety’s analysis was launched forward of Black Hat USA 2024.