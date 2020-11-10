Every journey begins with one first step. The hardware security journey is no different, but it can seem daunting, especially considering cybercriminal’s constant and perilous pursuit of data.

Recently Dell Technologies, in partnership with Futurum Research, commissioned the Four Keys to Navigating your Hardware Security Journey research study to better understand the level and type of threats encountered by organizations today. We interviewed more than 1,000 technology and security professionals to learn about the measures, practices and policies their organizations employ to address threats throughout the entire security journey. These individuals are directly involved in the planning, implementation, management, or operations of security, risk, and compliance activities related to device-level and supply chain security. Let’s explore some of the key findings.

Ignorance is not bliss: You are a target

It’s plain to see: security breaches are constantly occurring, but far too often organizations are in the “it won’t happen to me” mindset because they are smaller or not in a certain industry. We’ve all heard the saying, ‘ignorance is bliss,’ but when it comes at the cost of your company’s and customer’s private information, this is something most just cannot afford.

No matter the industry or company size, cybercriminals target organizations with an alarming level of sophistication that is challenging to identify. These attacks can be external or internal; they can be malicious or accidental. The most common type of attack respondents face are external attacks, such as phishing or ransomware attacks. Of those surveyed, 56% experienced an external attack attributed to a vulnerability in hardware or silicon-level security. U.S. Federal government agencies top the list at 67%. The survey also found that ​44% of respondents experienced at least one hardware-level or BIOS attack over the past 12 months and for 16%, more than once.

When it comes to security, knowledge is power. It can be as simple as knowing when a system needs to be patched. For organizations with limited IT resources, having built-in tools that identify where, what and when to deploy a patch is crucial. These tools can alert you when a patch is needed quickly and without disruption. The more organizations begin leveraging these tools, the safer their data will be.

From the ground up: Establishing a foundation

It is not surprising to see that 53% of respondents cite “improving advanced threat intelligence capabilities” as their top IT security initiative in the next 12 months. To establish a resilient security posture, organizations must create a strong foundation that layers a plethora of initiatives and measures. But there’s no silver bullet in security and no one-size-fits-all approach. This presents a unique challenge to IT teams as they try to secure all their assets and devices – at every stage of their security journey.

However, consider the ramifications if your partners are not securing everything. If an organization’s supply chain is not meeting the same security standards and measurements that they practice, then their data and devices remain vulnerable to attackers. More than half of organizations with a security framework in place strongly agree that supply chain security measurements and standards are a key requirement when working with a vendor, and even 32% of organizations without a security framework in place still strongly agree with that sentiment.

So which device security measures do users expect a hardware vendor to provide as part of their manufacturing and distribution process? Of those surveyed, 65% expect hardware vendors to include security of the platform in their manufacturing and distribution process. This was followed by endpoint security (50%) and security through the supply chain (41%).

Establishing a strong framework for long-term success

Your security journey will evolve as your business grows and matures so it is important that you establish a framework for your security posture. It should be more than just the hardware or software used in a security system. It’s about identifying the behaviors of an attack and the steps to remediate.

With both the workforce and the threat landscape rapidly evolving, strong security frameworks are becoming increasingly relevant in the evaluation and selection of a security provider. In fact, just over two thirds of organizations surveyed are using a framework during the evaluation of security providers. Surprisingly, 31% use no framework currently and while 23% say they are evaluating them, 8% have no plans to ever adopt one, including 13% of U.S. Federal agencies.

A strong security framework for your business is crucial to know when, not if, you’ve been breached. For companies with a security framework in place, 54% responded that they were hacked within the last 12 months. Meanwhile, among those organizations without one, only 21% responded that they were aware of being hacked within 12 months. You may be thinking, “well Brooke, that this statistic doesn’t help my argument.” But that number is likely low, because those organizations don’t have the proper framework in place to identify an attack that might be happening right under their noses.

Security’s guiding light: Dashboards

From custom-built and internally-developed to commercial off-the-shelf tools, security dashboards are a critical component in the monitoring of the security journey. Organizations that are leveraging security dashboards are twice as likely to report a hardware-level security breach during the prior 12 months. You can’t protect yourself from the threats you can’t see!

I am happy to report that 63% of enterprises use one or more dashboards to view, monitor or manage the security of their enterprise devices. For those not currently leveraging a dashboard, 92% expect to be using at least one within 18 to 36 months. Knowledge is power, and dashboards can provide advance warning of threats and the data necessary to protect your systems, data, employees and customers.

Beginning your hardware security journey

The one message that resonates throughout the research is that security initiatives require the commitment, collaboration and partnership of an entire ecosystem—from your supply chain to the C-Suite. It is crucial for organizations to continue to invest in security tools and protections to give their company, and its data, a fighting chance against cyberattacks.

About the Author



Brooke Huling, Vice President Software & Experiences, Dell Technologies

Brooke Huling is the Vice President of Product Management for Dell Technologies Software, Solutions & Experiences. She is a true product strategist with the heart of an entrepreneur. With over 18 years of Product and Technical Strategy experience Brooke is well versed in aaS business models, exceptional customer experiences and innovation at every level. Brooke’s favorite day is launch day cheering on her teams.