Cyberattack. The word that strikes fear into the heart of IT professionals. Until fairly recently, you’d be forgiven for focusing your security efforts on software. A firewall and set of basic security protocols might’ve been enough to prevent most threats. But those days are over.
Every company worth its salt will have a software security plan. But all of this software runs on hardware. And hardware is everywhere, a part of every electronic device we use. IT professionals are now having to give more thought to protecting the hardware that backs up all of the other security measures they have in place.
Hardware designers typically focus on three areas: power, performance and reliability. But where does security come into this? Hardware itself can be a cybersecurity risk. According to a 2019 report by Dell, 63% of organisations said they had experienced at least one data breach in the past year due to a hardware security vulnerability.
With stats like these, it’s clear that whatever technologies are used to secure a system must be built on a strong foundation. Even a small compromised physical component, such as a semiconductor chip, can undermine all additional layers of a system’s cybersecurity.
We’ve seen several high-profile hardware vulnerability cases in recent years, and not all the result of malicious attacks. One of the largest cases involved arguably one of the best chip designers in the world: Intel. In 1994, Intel had to recall a line of processors that included a subtle flaw, costing them millions of dollars and threatening their reputation.
Faulty hardware design can cause all kinds of security vulnerabilities. One example is the Meltdown or Spectre bug, which can affect all kinds of desktop computers, laptops, cloud computers and smartphones and cause security boundaries which are normally enforced by hardware to cease to work. This means sensitive data, such as passwords or personal information, can be stolen. The scary part? This vulnerability affects virtually processor, every computer, across the world. Thank heavens for security patches!
International foul play
This is a controversial one. In 2018, Bloomberg reported that Chinese spies had infiltrated a number of US tech firms by compromising their technology supply chain. Allegedly, secret microchips were installed on server boards during the production process. These hardware trojans were designed to appear harmless while performing malicious processes in secret. Apple and Amazon were among those reportedly affected, but have denied the report.
Why is hardware so unsafe?
There are a number of reasons that could account for why hardware can seriously affect cybersecurity if left unchecked.
Hardware is the foundation on which cybersecurity sits. Image source: Pixabay.com
- Historically low investment in cybersecurity. For a long time, security had been widely seen as more of an add-on than a fundamental part of the IT industry. Thankfully, this is beginning to change. The cybersecurity industry has been growing exponentially year-on-year since the early 00s.
- Cybercriminal activity on the rise. The cybersecurity industry is driven out of necessity: a rise in cybercriminal activity is to thank for larger budgets. The problem is so extensive that it has been predicted cybercrime will cost businesses across the world more than $6 trillion annually by 2021.
- Cheaper, faster and more complex hardware. Hardware attacks used to be considered too difficult and expensive. Now, with the process of building computer hardware being faster and less expensive, hardware attacks are far more feasible.
- Complex supply chains. Increased demand from consumers has forced chip manufacturers overseas, meaning companies that make such hardware don’t necessarily build them from scratch – third party suppliers are involved. This opens the door to numerous opportunities for security loopholes to be found and exploited.
So how can you prevent hardware cyberattacks?
Hardware security is focused on protecting systems against vulnerabilities at a physical layer. And if your systems are sitting on dodgy foundations, your cybersecurity is inherently more at risk. To secure your hardware, you could try the following:
- Review, identify and address any potential security vulnerabilities. With cyberattacks on the rise, it’s best to be proactive rather than reactive. Have a cybersecurity expert audit your computer systems and if any areas come up as being particularly vulnerable to exploitation, tighten your security measures there first.
- Know your supply chain inside-out. To stay protected, make sure whoever sells you your hardware can vouch for the security of their components, from production through to delivery. Validation at every step of the supply chain is crucial.
- Replace and update old hardware. Outdated hardware is more open to attack. If a cybersecurity audit reveals a vulnerability, consider updating your hardware with products from a trusted supplier. It’s also crucial to keep all of your software regularly updated, as security patches can help ward off any potentially malicious attacks.
Hardware: A foundation for good cybersecurity
Enhancing cybersecurity in your workplace may seem complicated, but it doesn’t have to be. It all boils down to this: make sure you know the hardware you have, and where it came from, to ensure you stay secure.
About EC-MSP, your IT partner
EC-MSP are one of the most trusted IT support providers in London. If you would like more help advice and support with technology for your business, contact us today to see how we can help.