aster.cloud aster.cloud
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
    • Learning
  • Tools
  • About
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
    • Learning
  • Tools
  • About
aster.cloud aster.cloud
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
    • Learning
  • Tools
  • About
  • Technology

HP Wolf Security study finds growing concern about attacks on hardware supply chains as one in five businesses impacted

  • Dean Marc
  • August 5, 2024
  • 3 minute read

New research highlights growing concern over nation-state threat actors targeting physical supply chains and tampering with device hardware and firmware integrity.

HP Inc. (NYSE: HPQ) today released the findings of a global survey highlighting the growing concern over nation-state threat actors targeting physical supply chains and tampering with device hardware and firmware integrity. The study of 800 IT and security decision-makers (ITSDMs) responsible for device security highlights the need for businesses to focus on device hardware and firmware integrity, with attacks on hardware supply chains and device tampering expected to increase.
 
Key findings include:
 


Partner with aster.cloud
for your next big idea.
Let us know here.



From our partners:

CITI.IO :: Business. Institutions. Society. Global Political Economy.
CYBERPOGO.COM :: For the Arts, Sciences, and Technology.
DADAHACKS.COM :: Parenting For The Rest Of Us.
ZEDISTA.COM :: Entertainment. Sports. Culture. Escape.
TAKUMAKU.COM :: For The Hearth And Home.
ASTER.CLOUD :: From The Cloud And Beyond.
LIWAIWAI.COM :: Intelligence, Inside and Outside.
GLOBALCLOUDPLATFORMS.COM :: For The World's Computing Needs.
FIREGULAMAN.COM :: For The Fire In The Belly Of The Coder.
ASTERCASTER.COM :: Supra Astra. Beyond The Stars.
BARTDAY.COM :: Prosperity For Everyone.

  • Almost one-in-five (19%) organizations surveyed say they have been impacted by nation-state threat actors targeting physical PC, laptop or printer supply chains. In the US, this figure rises to 29%.
  • Over a third (35%) of organizations surveyed believe that they or others they know have already been impacted by nation-state threat actors targeting supply chains to try and insert malicious hardware or firmware into devices.
  • Overall, 91% believe nation-state threat actors will target physical PC, laptop or printer supply chains to insert malware or malicious components into hardware and/or firmware.
  • Almost two-thirds (63%) believe the next major nation-state attack will involve poisoning hardware supply chains to sneak in malware.

“System security relies on strong supply chain security, starting with the assurance that devices are built with the intended components and haven’t been tampered with during transit. If an attacker compromises a device at the firmware or hardware layer, they’ll gain unparalleled visibility and control over everything that happens on that machine. Just imagine what that could look like if it happens to the CEO’s laptop,” comments Alex Holland, Principal Threat Researcher in the HP Security Lab.

Holland continues, “Such attacks are incredibly hard to detect, as most security tools sit within the operating system. Moreover, attacks that successfully establish a foothold below the OS are very difficult to remove and remediate, adding to the challenge for IT security teams.”

Considering the scale of the challenge, it’s unsurprising that 78% of ITSDMs say their attention to software and hardware supply chain security will grow as attackers try to infect devices during transit.
Organizations are concerned that they are blind and unequipped to mitigate device supply chain threats like tampering. Over half (51%) of ITSDMs are concerned that they cannot verify if PC, laptop or printer hardware and firmware have been tampered with during transit. A further 77% say they need a way to verify hardware integrity to mitigate the risk of device tampering.

Read More  Build Your API Security Strategy On These 4 Pillars

“In today’s threat landscape, managing security across a distributed hybrid workplace environment must start with the assurance that devices haven’t been tampered with at the lower level. This is why HP is focused on delivering PCs and printers with industry-leading hardware and firmware security foundations designed for resilience, to allow organizations to manage, monitor and remediate device hardware and firmware security throughout the lifetime of devices, across the fleet,” comments Boris Balacheff, Chief Technologist for Security Research and Innovation, HP Inc. Security Lab.

In recognition of these risks, HP Wolf Security is advising customers to take the following steps to help proactively manage device hardware and firmware security, right from the factory:

  • Adopt Platform Certificate technology, designed to enable verification of hardware and firmware integrity upon device delivery.
  • Securely manage firmware configuration of your devices, using technology like HP Sure Admin (for PCs) or HP Security Manager (Support). These enable administrators to manage firmware remotely using public-key cryptography, eliminating the use of less secure password-based methods.
  • Take advantage of vendor factory services to enable hardware and firmware security configurations right from the factory, such as HP Tamper Lock, Sure Admin, or Sure Recover technologies.
  • Monitor ongoing compliance of device hardware and firmware configuration across your fleet of devices.

Watch this space: Further findings from the study will be shared later this year.

About the data
The survey was conducted by Censuswide on behalf of HP Inc. from the 22nd February – 5th March 2024. It is based on a survey of 803 IT and security decision-makers in the US, Canada, UK, Japan, Germany, and France. The survey was carried out online.

About HP
HP Inc. (NYSE: HPQ) is a global technology leader and creator of solutions that enable people to bring their ideas to life and connect to the things that matter most. Operating in more than 170 countries, HP delivers a wide range of innovative and sustainable devices, services and subscriptions for personal computing, printing, 3D printing, hybrid work, gaming, and more. For more information, please visit: http://www.hp.com.

About HP Wolf Security
HP Wolf Security is world class endpoint security. HP’s portfolio of hardware-enforced security and endpoint-focused security services are designed to help organizations safeguard PCs, printers, and people from circling cyber predators. HP Wolf Security provides comprehensive endpoint protection and resiliency that starts at the hardware level and extends across software and services. Visit https://hp.com/wolf.

Read More  PyCon 2019 | A Snake in the Bits: Security Automation with Python

For enquiries, product placements, sponsorships, and collaborations, connect with us at [email protected]. We'd love to hear from you!

Our humans need coffee too! Your support is highly appreciated, thank you!

Dean Marc

Part of the more nomadic tribe of humanity, Dean believes a boat anchored ashore, while safe, is a tragedy, as this denies the boat its purpose. Dean normally works as a strategist, advisor, operator, mentor, coder, and janitor for several technology companies, open-source communities, and startups. Otherwise, he's on a hunt for some good bean or leaf to enjoy a good read on some newly (re)discovered city or walking roads less taken with his little one.

Related Topics
  • Hardware
  • HP
  • HP Wolf
  • Security
You May Also Like
View Post
  • Computing
  • Multi-Cloud
  • Technology

Reliance on US tech providers is making IT leaders skittish

  • May 28, 2025
View Post
  • Computing
  • Multi-Cloud
  • Technology

Examine the 4 types of edge computing, with examples

  • May 28, 2025
View Post
  • Computing
  • Multi-Cloud
  • Technology

AI and private cloud: 2 lessons from Dell Tech World 2025

  • May 28, 2025
View Post
  • Computing
  • Multi-Cloud
  • Technology

TD Synnex named as UK distributor for Cohesity

  • May 28, 2025
View Post
  • Computing
  • Multi-Cloud
  • Technology

Broadcom’s ‘harsh’ VMware contracts are costing customers up to 1,500% more

  • May 28, 2025
View Post
  • Computing
  • Multi-Cloud
  • Technology

Weigh these 6 enterprise advantages of storage as a service

  • May 28, 2025
View Post
  • Computing
  • Multi-Cloud
  • Technology

Pulsant targets partner diversity with new IaaS solution

  • May 23, 2025
View Post
  • Computing
  • Multi-Cloud
  • Technology

Growing AI workloads are causing hybrid cloud headaches

  • May 23, 2025

Stay Connected!
LATEST
  • 1
    Just make it scale: An Aurora DSQL story
    • May 29, 2025
  • 2
    Reliance on US tech providers is making IT leaders skittish
    • May 28, 2025
  • Examine the 4 types of edge computing, with examples
    • May 28, 2025
  • AI and private cloud: 2 lessons from Dell Tech World 2025
    • May 28, 2025
  • 5
    TD Synnex named as UK distributor for Cohesity
    • May 28, 2025
  • Weigh these 6 enterprise advantages of storage as a service
    • May 28, 2025
  • 7
    Broadcom’s ‘harsh’ VMware contracts are costing customers up to 1,500% more
    • May 28, 2025
  • 8
    Pulsant targets partner diversity with new IaaS solution
    • May 23, 2025
  • 9
    Growing AI workloads are causing hybrid cloud headaches
    • May 23, 2025
  • Gemma 3n 10
    Announcing Gemma 3n preview: powerful, efficient, mobile-first AI
    • May 22, 2025
about
Hello World!

We are aster.cloud. We’re created by programmers for programmers.

Our site aims to provide guides, programming tips, reviews, and interesting materials for tech people and those who want to learn in general.

We would like to hear from you.

If you have any feedback, enquiries, or sponsorship request, kindly reach out to us at:

[email protected]
Most Popular
  • Understand how Windows Server 2025 PAYG licensing works
    • May 20, 2025
  • By the numbers: How upskilling fills the IT skills gap
    • May 21, 2025
  • 3
    Cloud adoption isn’t all it’s cut out to be as enterprises report growing dissatisfaction
    • May 15, 2025
  • 4
    Hybrid cloud is complicated – Red Hat’s new AI assistant wants to solve that
    • May 20, 2025
  • 5
    Google is getting serious on cloud sovereignty
    • May 22, 2025
  • /
  • Technology
  • Tools
  • About
  • Contact Us

Input your search keywords and press Enter.