Although hardware attacks are high, only 59% of companies have implemented a hardware security strategy, Dell and Forrester thought.
How can you protect yourself against hackers? A social engineer from IBM offers advice
Stephanie “Snow” Carruthers, Chief People Hacker at IBM, gives advice on protecting yourself online. She also explains how the robocalls and spoofing process works.
Hardware-level breaches are one of the newest ways of attacking cyber criminals, according to a Dell report released Wednesday. The majority (63%) of the organizations said they experienced at least one data breach in the past year due to a hardware vulnerability.
Dell BIOS Security – The Next Frontier for Endpoint Protection Report, conducted by Forrester, has investigated more than 300 employees to determine the severity of hardware-related security issues. As security measures and technologies become more sophisticated, cyber criminals are forced to find new tactics for attacks. One of these new methods concerns an internal firmware chip called BIOS (Basic input / output system), the report revealed.
SEE: You have been violated: eight steps to take within 48 hours (free PDF) (TechRepublic)
A BIOS is a small hardware microchip on the motherboard of a computer. It is an extremely valuable component of a computer because it acts as a gateway to the hardware of the entire system and gives commands for how each piece of hardware should work and communicate according to the report.
Given how crucial the BIOS is for a computer, the fact that cyber criminals use it as a path to a cyber attack is particularly worrying – and the breaches have already begun. Nearly half (47%) of respondents said they have experienced at least two hardware-level attacks in the last 12 months, the report said.
Most of these attacks were carried out via an external attack (29%) via phishing (43%), software vulnerabilities (41%), web application (40%) or mobile malware (38%), the report found.
These breaches can have harmful consequences for an organization, including loss of sensitive data (52%), financial loss due to system failure (39%), slow IT recovery time (36%) and disruptions affecting customer-focused systems (35%) ), according to the report.
Although almost two-thirds of the organizations acknowledged that they have a moderate to extremely high level of threat exposure due to the hardware supply chain, only 59% said they implemented security strategies.
Hardware security strategies
Although three in five companies consider BIOS and firmware exploits to be very or extremely worrying, only half feel the same about silicon-level vulnerabilities. This lack of consistency with regard to hardware level breaches opens organizations to harmful risks such as loss of sensitive data, weakened competitive advantage and financial impact, the report said.
To remain protected, chip manufacturer validation and supply chain validation are crucial, and companies promised to embrace these security practices, the report said.
Almost half (47%) of the companies said they are already implementing supply chain validation initiatives, and 30% said they are planning to do this in the next 12 months. More companies (38%) said they also intend to take over the approval of chip manufacturers in the following year, the report found.
By investing in stronger security measures, organizations will see significant benefits. Companies reported top benefits such as growing overall security for their business (55%), lower hardware costs (39%), increased business continuity (44%) and accelerated digital transformation initiatives (42%).
The report also found that most organizations (61%) expect endpoint and platform security from hardware security vendors, meaning that these vendors must provide these features to be able to do valuable business.
For more information about 2020, see when cyber security becomes even stranger, so prepare for ZDNet.
Cyber Security Insider Newsletter
Strengthen the IT security of your organization by staying up to date with the latest news, solutions and best practices for cyber security.
Delivered on Tuesday and Thursday
Register today
Also see
Image: anyaberkut, Getty Images / iStockphoto
