A new report shows that endpoint platform security — securing the hardware and firmware of PCs, laptops and printers — is often overlooked, weakening cybersecurity posture for years to come.
The report from HP Wolf Security is based on a global study of over 800 IT and security decision-makers (ITSDMs) and over 6,000 work-from-anywhere (WFA) employees, it shows that platform security is a growing concern with 81 percent of ITSDMs agreeing that hardware and firmware security must become a priority to ensure attackers cannot exploit vulnerable devices.
At the same time though 68 percent say that investment in hardware and firmware security is often overlooked in the total cost of ownership (TCO) for devices. This is leading to costly security headaches, management overheads and inefficiencies further down the line.
“Buying PCs, laptops or printers is a security decision with long-term impact on an organization’s endpoint infrastructure. The prioritization, or lack thereof, of hardware and firmware security requirements during procurement can have ramifications across the entire lifetime of a fleet of devices — from increased risk exposure, to driving up costs or negative user experience — if security and manageability requirements are set too low compared to the available state of the art,” says Boris Balacheff, chief technologist for security research and innovation at HP.
Among other findings, 34 percent say a PC, laptop or printer supplier has failed a cybersecurity audit in the last five years, with 18 percent saying the failure was so serious that they terminated their contract. Also 60 percent of ITSDMs say the lack of IT and security involvement in device procurement puts the organization at risk.
More than half (53 percent) of ITSDMs say BIOS passwords are shared, used too broadly, or are not strong enough. While 53 percent admit they rarely change BIOS passwords over the lifetime of a device.
Ongoing management is an issue too, over 60 percent of ITSDMs do not make firmware updates as soon as they’re available for laptops or printers. A further 57 percent of ITSDMs say they get FOMU (Fear Of Making Updates) in relation to firmware. Yet 80 percent believe the rise of AI means attackers will develop exploits faster, making it vital to update quickly.
The full report is available from the HP site.
Image credit: momius/depositphotos.com
