Business Info issue 157

PRINTERS

Buyer beware

One in five businesses impacted by attacks on hardware supply chains, warns HP Wolf Security

HP is warning of the risk of tampering and malware before computers, laptops, printers and other devices even leave the factory

HP is alerting organisations to the growing danger of nation-states targeting physical supply chains and tampering with device hardware and firmware integrity before products even reach the customer. Its warning follows a survey of 800 IT and security decision-makers (ITSDMs) responsible for device security which highlights the scale of the problem and the urgent need for businesses to focus on device hardware and firmware integrity.

- 91% of organisations surveyed believe nation-state threat actors will target PC, laptop and printer supply chains to insert malware or malicious components into hardware and/or firmware;
- 19% believe they have already been impacted by nation-state threat actors targeting those supply chains. In the US, this figure rises to 29%;
- 35% believe that they or organisations known to them have already been impacted by nation-state threat actors targeting supply chains; and
- 63% believe the next major nation-state attack will involve poisoning hardware supply chains to sneak in malware.

Hard to detect

Commenting on these findings, Alex Holland, Principal Threat Researcher in the HP Security Lab, said: “System security relies on strong supply chain security, starting with the assurance that devices are built with the intended components and haven’t been tampered with in the factory or during transit. If an attacker compromises a device at the firmware or hardware layer, they’ll gain unparalleled visibility and control over everything that happens on that machine. Just imagine what that could look like if it happens to the CEO’s laptop.”

He added: “Such attacks are incredibly hard to detect as most security tools sit within the operating system. Moreover, attacks that successfully establish a foothold below the OS are very difficult to remove and remediate, adding to the challenge for IT security teams.”

Need for verification

Organisations surveyed by HP are concerned that they are blind to this risk and ill-equipped to mitigate device supply chain threats like tampering. Over half (51%) of ITSDMs admit they cannot verify if PCs, laptops or printer hardware and firmware have been tampered with while in the factory or in transit. Three quarters (77%) say they need a way to verify hardware integrity to mitigate the risk of device tampering.

Considering the scale of the challenge, it’s unsurprising that 78% of ITSDMs say their attention to software and hardware supply chain security will increase as attackers try to infect devices in the factory or transit.

Addressing the threat

Boris Balacheff, Chief Technologist for Security Research and Innovation at HP Inc. Security Lab, points out that HP already builds in security features that help customers proactively manage device hardware and firmware security, right from the factory.

“In today’s threat landscape, managing security across a distributed hybrid workplace environment must start with the assurance that devices haven’t been tampered with at the lower level. This is why HP is focused on delivering PCs and printers with industry-leading hardware and firmware security foundations designed for resilience, to allow organisations to manage, monitor and remediate device hardware and firmware security throughout the lifetime of devices, across the fleet.”

He advises customers concerned about the risk to hardware and firmware in vendor supply chains to take the following steps:

- Adopt Platform Certificate technology, designed to enable verification of hardware and firmware integrity upon device delivery.
- Securely manage firmware configuration of your devices, using technology like HP Sure Admin (for PCs), HP Security Manager (for Printers), or HP Security Manager (Support). These enable administrators to manage firmware remotely using public-key cryptography, eliminating the use of less secure password-based methods.
- Take advantage of vendor factory services to enable hardware and firmware security configurations right from the factory, such as HP Tamper Lock, Sure Admin or Sure Recover.
- Monitor ongoing compliance of device hardware and firmware configuration across your fleet of devices.

https://hp.com/wolf
