The Reality of Hardware-level Security: Companies Need It and They Need It Now

Organizations are trying to protect their devices against the backdrop of a changing cybersecurity landscape. At the same time, hackers are working just as hard – if not harder – to infiltrate security measures. As security tools get more advanced, attackers find new ways to bypass them. The latest tactic used by hackers is attacking IT systems below the operating system (OS) of a device. Attacks at the hardware-, firmware- or silicon-level can expose organizations to systemic damages.

To study the effects of these types of intrusions, the Dell Technologies Hardware Security study conducted by Forrester Consulting surveyed IT, security, risk and compliance decision-makers at companies with more than 500 employees. Below is a topline summary of the commissioned study’s findings.

Hardware-level Breaches are the Latest Reality

  • The majority (63%) of organizations surveyed experienced at least one data compromise or a breach in the last 12 months due to an exploited vulnerability in hardware security, while 47% experienced at least two hardware-level attacks.
  • Hardware-level breaches can be carried out via targeting software vulnerabilities (43%), web applications attacks (40%) and strategic web compromises (30%).
  • These threats put customers and employees at risk, cause brand damage and impact revenue performance.

Current Strategies Don’t Prepare for Hardware-level Attacks

Nearly two-thirds (63%) of organizations recognize they have a moderate to extremely high level of exposure to threats to the hardware supply chain, yet only 59% have implemented a hardware supply chain security strategy.

  • While three in five companies see BIOS and firmware exploits as very or extremely concerning, only half feel the same about silicon-level vulnerabilities.
  • The lack of a consistent security approach to hardware-level security breaches leaves organizations open to the risk of damage, including loss of sensitive data, financial loss and diminished competitive advantage.

Hardware Security Vendors are a First Line of Defense

 Chip manufacturer validation and supply chain validation are viewed as critical to addressing hardware-level threats. Forty-seven percent of surveyed companies reported adopting and investing in supply chain validation initiatives now and 30% plan to implement in the next 12 months. Thirty-eight percent plan to adopt chip manufacturer validation in the next year.

  • Organizations that invest in stronger measures report growth in overall security (55%), reduced hardware expenses (39%), increased business continuity (44%), and expedited digital transformation (42%).
  • Endpoint security and platform security are equally important features that are expected from hardware security vendors by 61% percent of organizations. Although organizations expect excellent security from their vendors, only 28% said they were satisfied with the device security practices their vendor-provided at the silicon level.

Bottom line, hardware security is at the core of any computing system, and exploitation at this level is devastating. Once you are hacked, your endpoint, data and entire enterprise are at risk

Dell Technologies understands the importance of building security into the foundation of our devices. We are leading the way by fortifying our trusted devices both below and above the OS, while the rest of the PC industry prioritizes security apps and defenses that only sit above the OS. This difference in approach has led Dell Technologies to claim the industry’s most secure PCs – hands down. You can read more about how Dell architects a system of security measures, built from the inside out here.

To read the full Dell Technologies Hardware Security study conducted by Forrester Consulting, “BIOS Security – The Next Frontier for Endpoint Protection,” please click here.

About the Author: David Konetski

David Konetski serves as a Dell Fellow and Vice President in the Client Solutions Office of the CTO where his responsibilities include Security, Systems Management and Commercial SW technology strategy. David also leads Dell’s technology strategy defining the future of Work, unifying vision across the Dell Technologies family of companies and enabling customer solutions which transform their business. As a Dell Fellow, David provides innovation leadership across Dell Technologies and grows the Dell technical community. Mr. Konetski joined Dell in 1996 as a Sr. Engr manager, and over the next 5 years created Dell’s Audio/Video and Emerging Business engineering organizations. In 2001, Mr. Konetski joined the Dell Office of the CTO, and has developed technology strategies and product portfolios for a wide range of Client technologies, including Security, Systems Management, Communications, SW applications and Audio/Video ecosystems. David holds over 35 issued patents for Dell and is active in IP generation across the company. He was appointed to his current role as Vice President in 2011 and became a Dell Fellow in 2013. Prior to Dell, Mr. Konetski managed several engineering and marketing organizations.