Top Ten Findings from HP Inc.'s Global Survey on Nation-State Threats to Supply Chains
Nation-State Impact: 19% of organizations globally, and 29% in the US, have been affected by nation-state actors targeting supply chains of PCs, laptops, or printers.
Malicious Hardware/Firmware Insertion: Over 35% of organizations believe they or their associates have been impacted by nation-state actors inserting malicious hardware or firmware.
Future Threat Perception: 91% of IT and security decision-makers (ITSDMs) believe nation-state actors will target supply chains to insert malware or malicious components.
Next Major Attack Anticipation: 63% of respondents anticipate the next major nation-state attack will involve poisoning hardware supply chains to insert malware.
Growing Attention to Security: 78% of ITSDMs expect to increase their focus on software and hardware supply chain security due to rising transit threats.
Verification Concerns: 51% of ITSDMs worry they cannot verify if hardware and firmware have been tampered with during transit.
Need for Hardware Integrity Verification: 77% of respondents emphasize the need for methods to verify hardware integrity to mitigate tampering risks.
Security Tools Limitation: Most security tools operate within the OS, making it hard to detect and remove attacks below the OS, according to Alex Holland, HP Security Lab's Principal Threat Researcher.
HP’s Security Focus: HP is committed to delivering PCs and printers with advanced security foundations to ensure device security throughout their lifecycle, as stated by Boris Balacheff, Chief Technologist for Security Research and Innovation, HP Inc. Security Lab.
Recommended Security Measures: HP Wolf Security advises adopting Platform Certificate technology, using HP Sure Admin or HP Security Manager for remote firmware management, leveraging vendor factory services for pre-configured security, and monitoring compliance of hardware and firmware configurations across device fleets.