There is a growing global concern over attacks on hardware supply chains.
A recent study conducted by HP Wolf Security discovered that 19 percent of businesses had been impacted by nation-state threat actors targeting physical supply chains.
The survey was conducted by Censuswide on behalf of HP from February 22 - March 5, 2024, among 803 IT and security decision-makers in the US, Canada, UK, Japan, Germany and France.
The study added that 29 per cent of businesses in the US have reported such incidents.
It highlighted further the need for organisations to focus on device hardware and firmware integrity.
Among other key findings of the report, it was stated that 35 per cent of organisations believed they or others they know had been impacted by nation-state threat actors targeting supply chains to insert malicious hardware or firmware.
Also 91 per cent of organisations believed nation-state threat actors would target physical supply chains to insert malware or malicious components, while 63 per cent feared the next major nation-state attack would involve poisoning hardware supply chains.
Expert insights by Principal Threat Researcher at HP Security Lab, Alex Holland said system security relies on strong supply chain security, starting with the assurance that devices are built with intended components and haven't been tampered with during transit.
"If an attacker compromises a device at the firmware or hardware layer, they will gain unparalleled visibility and control," Holland said.
In the light of the report, 78 per cent of IT security decision-makers said their attention to software and hardware supply chain security would grow as attackers try to infect devices during transit.
Also 51 per cent raised concern they cannot verify if PC, laptop, or printer hardware and firmware have been tampered with during transit.
In addition 77 per cent said they needed a way to verify hardware integrity to mitigate the risk of device tampering.
HP Wolf Security advises customers to adopt Platform Certificate technology to verify hardware and firmware integrity upon device delivery and securely manage firmware configuration using technology like HP Sure Admin or HP Security Manager.
It also urged organisations to take advantage of vendor factory services to enable hardware and firmware security configurations right from the factory as well as monitor ongoing compliance of device hardware and firmware configuration across the fleet.