In France, 150 IT decision-makers and 1,014 employees responded to the survey. The report’s conclusions highlight the risks for French companies, faced with issues such as poor device configuration, lack of collaboration between IT and purchasing teams, and insufficient management of electronic waste:
- $8.6 billion : The global annual cost of lost or stolen IT devices.
- 48% of IT and cybersecurity decision-makers say their purchasing teams rarely collaborate with IT departments to validate supplier commitments
- 58% of decision-makers do not perform firmware updates when offered.
- 57% of French companies destroy their devices for security reasons, worsening the volumes of electronic waste.
- 76% of French employees keep at least one old professional PC, while 10 % do not return their equipment after leaving their job.
Flaws from the acquisition of IT devices
In France, 48 % of IT and cybersecurity decision-makers believe that purchasing teams rarely collaborate with IT departments to validate suppliers’ security commitments. Worse, 36 % say they have to trust suppliers’ promises without being able to verify their claims. These gaps make companies vulnerable when selecting devices, particularly in the face of insufficient audits or non-respected contracts.
Problems also appear during the initial configuration of equipment. Next to 47 % of decision makers indicate that BIOS passwords are too often shared or insufficiently strong, and 52 % admit that they almost never modify them during the life cycle of the devices. These practices increase the risk of intrusion and data compromise.
Continuous management and monitoring: insufficient efforts in the face of growing risks
Firmware updates are a crucial but overlooked step: 58 % of decision-makers say they do not apply these fixes when they are proposed. A feeling of “FOMU” (Fear of Updating) slows down these actions, because 55 % officials worry the updates could disrupt operations. However, the rise of cyberattacks exploiting artificial intelligence worries 79 % respondents, who fear ever more rapid and sophisticated attacks.
The cost of lost or stolen devices poses another major threat. Each year, these losses cost 8.6 billion dollars globally. In France, 24 % of hybrid employees admit to losing or having a device stolen, and it took them an average of 24 hours to notify their IT department.
Second life and recycling: security issues hampering sustainability
The end of life of devices also poses crucial problems. In France, 57 % of IT decision-makers consider it too risky to reuse or resell devices due to the difficulty of completely erasing data. As a result, a lot of equipment is destroyed, fueling volumes of electronic waste. This inability to recycle effectively directly impacts companies’ environmental, social and governance (ESG) objectives.
Moreover, 76 % employees keep at least one old professional PC, and 10 % quit a job without returning their device immediately. These practices increase the risks associated with the leak of sensitive data.
Recommendations in overall device lifecycle management
The HP Wolf Security report offers several recommendations to improve the security of IT equipment throughout its lifecycle:
-- Supplier selection : Collaborate between IT, purchasing and cybersecurity teams to define clear criteria and audit supplier commitments.
- Initial setup : Adopt solutions allowing secure integration via the cloud, including management of firmware and security parameters.
- Ongoing monitoring and management : Implement tools to identify devices at risk, apply updates quickly, and lock or erase data remotely in the event of loss.
- End of life : Prioritize equipment capable of guaranteeing secure erasure of data to allow compliant reuse or recycling.
“Micro-isolation, a shield against AI attacks”: Analysis by Bruno Mahé, HP France
Alex Holland, Principal Threat Researcher at HP, concludes by emphasizing the importance of proactive prevention and rigorous management to avoid disastrous consequences: “Hardware and firmware attacks can give cybercriminals complete control over devices. Traditional tools focus on software, leaving these types of threats virtually invisible. »
Methodology:
Hybrid Employee Sample: Global survey of 6,055 office workers who work hybrid, remotely or from anywhere in the US, Canada, UK, Japan, Germany and in France, from May 22 to 30, 2024 – survey carried out online by Censuswide. In France, 1014 employees responded to the survey. IT and Security Decision Makers Sample: survey conducted globally among 803 IT and security decision makers in the United States, Canada, the United Kingdom, Japan, Germany and France (150 in France), from February 22 to 5 March 2024 – online survey by Censuswide.
About ChannelBiz:
ChannelBiz.fr is the media for IT & Tech distribution partners in France: Integrators, resellerset MSP/MSSP. Every week, we offer our 9,000 subscribers 2 newsletters around the Channel’s major news and issues: infra & Cloud, Cybersecurity; Workspace & AV; Telecom; and Business Apps. We also publish every quarter “ChannelBiz: The Mag”: a 60-page magazine, to take a step back from major market trends. And so as not to miss any of the Channel’s daily news, join our ChannelBiz Linkedin page.
