A recent study by HP Wolf Security found that 19% of businesses have been impacted by nation-state threat actors targeting physical supply chains, with 29% of US businesses reporting such incidents. The study highlights the need for organizations to focus on device hardware and firmware integrity.
Key Findings:
- 35% of organizations believe they or others they know have been impacted by nation-state threat actors targeting supply chains to insert malicious hardware or firmware.
- 91% of organizations believe nation-state threat actors will target physical supply chains to insert malware or malicious components.
- 63% believe the next major nation-state attack will involve poisoning hardware supply chains.
Expert Insights:
“System security relies on strong supply chain security, starting with the assurance that devices are built with intended components and haven’t been tampered with during transit,” says Alex Holland, Principal Threat Researcher at HP Security Lab. “If an attacker compromises a device at the firmware or hardware layer, they’ll gain unparalleled visibility and control.”
Organizational Concerns:
- 78% of IT security decision-makers say their attention to software and hardware supply chain security will grow as attackers try to infect devices during transit.
- 51% are concerned they cannot verify if PC, laptop, or printer hardware and firmware have been tampered with during transit.
- 77% say they need a way to verify hardware integrity to mitigate the risk of device tampering.
Recommendations:
HP Wolf Security advises customers to:
- Adopt Platform Certificate technology to verify hardware and firmware integrity upon device delivery.
- Securely manage firmware configuration using technology like HP Sure Admin or HP Security Manager.
- Take advantage of vendor factory services to enable hardware and firmware security configurations right from the factory.
- Monitor ongoing compliance of device hardware and firmware configuration across the fleet.
About the Study:
The survey was conducted by Censuswide on behalf of HP Inc. from February 22 – March 5, 2024, among 803 IT and security decision-makers in the US, Canada, UK, Japan, Germany, and France.
About HP:
HP Inc. (NYSE: HPQ) is a global technology leader creating solutions that enable people to bring their ideas to life and connect to what matters most. Operating in over 170 countries, HP delivers innovative and sustainable devices, services, and subscriptions for personal computing, printing, 3D printing, hybrid work, gaming, and more. Visit (link unavailable) for more information.
About HP Wolf Security:
HP Wolf Security is world-class endpoint security providing comprehensive endpoint protection and resiliency that starts at the hardware level and extends across software and services. Visit (link unavailable) for more information.