The new age of layered security: from supply chains to endpoints


A 2025 global survey found that 72% of business leaders have witnessed a recent rise in cyber risks. Simultaneously, organizations face a shortage of cybersecurity talent with the skills gap increasing by 8% since 2024.

In addition to the growing number of threats, ranging from ransomware to deepfakes, organizations must confront the growing sophistication of attacks, which can infect every part of a device, including hardware and firmware.

Dominick Passanante

SVP of the mobility division at Panasonic Connect North America.

In this evolving landscape, organizations can’t afford to think of internet security as a single lock on the front door.

True resilience requires a layered, defense-in-depth strategy that covers every vulnerability, beginning at the supply chain level and continuing through to the on-device hardware and firmware.

The right solution works in the background without inhibiting device performance, so workers enjoy consistent security coverage without sacrificing their productivity.

Threats Rise Below the OS

Organizations that equip each employee with a business laptop or business tablet, as most organizations do, face a heightened risk of a security breach at any level.

More devices in rotation means more entry points for bad actors. As workers move to different locations with these devices throughout the day, it becomes harder to protect them.

Traditionally, ransomware and malware attacks take place at the OS level, like when an employee accidentally clicks a link to download malicious software.

While such threats remain common, organizations must also defend against more sophisticated attacks that reach deeper into the tech stack, to the firmware and hardware levels, where they are both more difficult to detect and harder to evict.

What do these attacks look like? Some begin at the supply chain level, before organizations even receive the device. Small microchips inserted into a computer during manufacturing can give attackers unlimited access to the device’s data as soon as employees begin using it.

Meanwhile, once the organization has the device, there are several ways bad actors can gain access. They can compromise it at the hardware level through a malicious USB device.

Alternatively, physical damage to the device can cause the firmware to degrade over time, making it easier for hackers to gain access.

For any organization, the implications of below-the-OS breaches are severe, with costs in some cases rising above $100 million. However, for organizations in critical fields like the military, emergency response, healthcare, and utilities, the implications are especially dire.

A supply chain security breach could systematically power off the laptops utility workers use to access critical data about the power lines they’re trying to restore during a hurricane.

Or an unauthorized USB drive could compromise a police officer’s laptop while he’s on the way to a call, inhibiting his ability to prepare and strategize with his team.

A True Layered, End-to-End Security Stack Starts at the Supply Chain Level

While there are various solutions that support layered security, it’s critical to identify one that promises supply chain security in addition to endpoint visibility and protection:

Hardware Validation: Embedded hardware-level tamper detection at the BIOS level helps ensure supply chain integrity by detecting threats before they reach the operating system. If a device has been compromised in the supply chain, users receive an alert before they even start using it. Similarly, rigid controls ensure only approved hardware components can operate within the device, so a compromised USB drive can’t impact it.

Firmware Integrity Monitoring and Remediation: Firmware and component integrity monitoring and risk assessment can protect against threats at the lowest levels of the device while helping organizations comply with mandates from regulatory bodies like the National Institute of Standards and Technology (NIST) and industry-specific organizations like the FBI’s Criminal Justice Information Services (CJIS) Division.

If firmware is left vulnerable, attackers can modify system configurations and install persistent malware. With that access, they can either take the computer’s data or control the device remotely. It’s best to consider solutions that secure the OS layer to detect threats that move from the OS to the firmware, offer quick detection time, and support an extended device lifecycle.

Endpoint Protection and Response: AI-powered endpoint protection, response, and remediation solutions block ransomware and zero-day threats in real time, even when devices are offline. If a breach does occur, these solutions can isolate impacted systems to prevent disruption to the entire network and provide detailed analytics and reporting to IT for effective mitigation.

Compliance Enforcement: Firmware-embedded endpoint visibility and self-healing controls are necessary to maintain continuous compliance and remote control even when a device goes off the network or has been wiped of its data. Centralized asset intelligence from a single platform helps organizations manage and track all devices from one place so they can respond to threats in real time.

From supply chain monitoring and embedded hardware validation to endpoint device remediation and firmware integrity monitoring, a layered strategy protects devices throughout their lifecycle.

Especially given the growing sophistication of today’s cyber threats, it makes more sense than ever to work with an experienced tech partner to achieve truly comprehensive cybersecurity coverage that reduces risk without compromising productivity.


This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
