Four Steps in Navigating Hardware Security

Published on 07 Dec 2021

hardware security, cyber-security

True security, or being secure, entails maintaining a shield or security posture throughout your trip, from the moment you make an order until the conclusion of the device's life cycle. It safeguards you, your suppliers, partners, and customers.

As security technologies for both threat actors and companies have become more sophisticated, cybercriminals have broadened their approach to focus on targets deemed to be less secure, many of which sit 'below the operating system' at the hardware level.

Threats posed today and in the future, from lone individuals and groups to state-sponsored teams, are not and will not be confined to end-user or operational systems, but will be felt throughout the entire ecosystem, from the first supplier to the final end-user in software, hardware, and even the silicon itself.

This study, titled Four Keys to Navigating Your Hardware Security Journey, outlines the highlights of a long-term research endeavor that began in late 2019 and will be completed in mid-2020. Here's a taste of what you may expect from this Whitepaper:

1) Becoming Aware That You Are The Target

Security threats can originate from everywhere, both within and externally. They can be malicious or unintentional. They are present in both your end-user devices and your partner ecosystem and supply chain. They can exist in both software and hardware.

In fact, two-thirds of businesses believe they've been the victim of a hardware-level attack in the past, with 44 percent stating it happened in the previous 12 months (and 16 percent indicating it happened more than once). The underlying tragedy, however, is that we believe those figures are low and that weak threat detection is concealing large more risks.

2) Security Is Implemented From The Outset

There is no one-size-fits-all solution to security issues. Enterprises are employing a variety of measures to help safeguard their assets, ranging from strengthening advanced threat intelligence capabilities and authenticating components in the supply chain to improving disaster recovery strategies and isolating/air-gapping resources within a network. Despite this, 65 percent expect hardware vendors to include platform security in their production and distribution processes.

The current problem is for businesses to recognize the various stages of the journey that hardware and gadgets go through, where each stage demands a unique strategy. 

3) Guardrails And Frameworks Are Required For Every Security Journey

Established frameworks, such as NIST and MITRE ATT&CK, can enable an organization to shift its focus away from hardware and software and toward the rules and procedures that serve as the cornerstone of an ongoing security discipline.

While these two frameworks are widely utilized, more than 30 percent of firms say they don't use any security framework at all, and more than 20 percent indicate they don't plan to in the next three years. This has to change. It is important to note that simply having secure hardware and software (or believing you do) does not eliminate the need for policies and processes. Security isn't only about hardware; it's also about having the correct rules and procedures in place.

4) The Dashboard Light Provides A Security Paradise

Security dashboards, which range from custom-built and domestically developed to commercial off-the-shelf tools, are an essential component of any security strategy.

the tracking of the security journey Organizations that actively use one or more dashboards are twice as likely to disclose a hardware-level security breach in the previous twelve months – you can't see threats if you're not looking ahead.

There is a widespread misconception that security risks are mainly about software and that smaller or less visible firms are rarely targeted. This is absolutely not the case.

Security and IT professionals who recognize the threat's significance have been setting the groundwork for a better, more resilient security posture through a variety of projects and actions.

Security must follow hardware and devices from point A to point B, and then to points C and D, and it is vital to have a framework (or guardrails) in place to stay focused and on track.

If security is a journey, the dashboard lights reflect the status of that journey and identify both existing and future hazards ahead.


Download Futurum's whitepaper to learn more about how to navigate the hardware security journey.