Organizations are trying to protect their devices against the backdrop of a changing cybersecurity landscape. At the same time, hackers are working just as hard – if not harder – to infiltrate security measures. As security tools get more advanced, attackers find new ways to bypass them. The latest tactic used by hackers is attacking IT systems below the operating system (OS) of a device. Attacks at the hardware-, firmware- or silicon-level can expose organizations to systemic damages.
To study the effects of these types of intrusions, the Dell Technologies Hardware Security study conducted by Forrester Consulting surveyed IT, security, risk and compliance decision-makers at companies with more than 500 employees. Below is a topline summary of the commissioned study’s findings.
Hardware-level Breaches are the Latest Reality
- The majority (63%) of organizations surveyed experienced at least one data compromise or a breach in the last 12 months due to an exploited vulnerability in hardware security, while 47% experienced at least two hardware-level attacks.
- Hardware-level breaches can be carried out via targeting software vulnerabilities (43%), web applications attacks (40%) and strategic web compromises (30%).
- These threats put customers and employees at risk, cause brand damage and impact revenue performance.
Current Strategies Don’t Prepare for Hardware-level Attacks
Nearly two-thirds (63%) of organizations recognize they have a moderate to extremely high level of exposure to threats to the hardware supply chain, yet only 59% have implemented a hardware supply chain security strategy.
- While three in five companies see BIOS and firmware exploits as very or extremely concerning, only half feel the same about silicon-level vulnerabilities.
- The lack of a consistent security approach to hardware-level security breaches leaves organizations open to the risk of damage, including loss of sensitive data, financial loss and diminished competitive advantage.
Hardware Security Vendors are a First Line of Defense
Chip manufacturer validation and supply chain validation are viewed as critical to addressing hardware-level threats. Forty-seven percent of surveyed companies reported adopting and investing in supply chain validation initiatives now and 30% plan to implement in the next 12 months. Thirty-eight percent plan to adopt chip manufacturer validation in the next year.
- Organizations that invest in stronger measures report growth in overall security (55%), reduced hardware expenses (39%), increased business continuity (44%), and expedited digital transformation (42%).
- Endpoint security and platform security are equally important features that are expected from hardware security vendors by 61% percent of organizations. Although organizations expect excellent security from their vendors, only 28% said they were satisfied with the device security practices their vendor-provided at the silicon level.
Bottom line, hardware security is at the core of any computing system, and exploitation at this level is devastating. Once you are hacked, your endpoint, data and entire enterprise are at risk
Dell Technologies understands the importance of building security into the foundation of our devices. We are leading the way by fortifying our trusted devices both below and above the OS, while the rest of the PC industry prioritizes security apps and defenses that only sit above the OS. This difference in approach has led Dell Technologies to claim the industry’s most secure PCs – hands down. You can read more about how Dell architects a system of security measures, built from the inside out here.
To read the full Dell Technologies Hardware Security study conducted by Forrester Consulting, “BIOS Security – The Next Frontier for Endpoint Protection,” please click here.