According to a global survey conducted by Microsoft, the vast majority of businesses have become victims of a firmware-focused cyberattack.
Because of the confidential information such as passwords and encryption keys that firmware stores, it is rapidly becoming a lucrative target for cyberattackers. According to a Microsoft study, the vast majority of businesses have become victims of a firmware-focused cyberattack.
According to a Microsoft report, cyberattacks on firmware are on the rise, outpacing conventional cyber defences. The survey questioned 1,000 security decision-makers from Germany, China, Japan, the United Kingdom, and the United States.
Two working exploits for Linux and Windows platforms were discovered in the previous month, both of which could dump LM/NT hashes (Windows) and the /etc/shadow file (Linux) from the victim devices’ kernel memory.
Some Stats
In the last two years, more than 80% of businesses have encountered at least one firmware attack. Despite the fact that firmware-based attacks are on the rise, firmware security receives just 29% of the security budget.
Vulnerability testing, software upgrades, and advanced threat protection solutions accounted for the majority of security investments. Approximately 21% of decision-makers reported that their firmware data is not controlled. Furthermore, since 2017, the NIST’s NVD has recorded a five-fold rise in firmware-based attacks.
According to the report, approximately 46% of businesses have invested in hardware-based kernel protections, while only 36% have invested in hardware-based memory encryption.
Detection and incident response are more important to security teams than firmware attack prevention. Just 39% of security teams focused their efforts on the latter.
Since they are investing more time on lower-yield manual work, the vast majority of respondents (82%) said they don’t have the money to devote to more high-impact protection work.
Around 71% of respondents said their employees spent the majority of their time on tasks that could be automated.
Encouraging Trend of Firmware Security Investment
There is a positive sign that organizations are becoming more aware of the firmware based cyberattacks and are likely to invest in safeguards.
For example, 95% of Chinese businesses said they were willing to invest in firmware security, as do 91% of businesses in Japan, the United Kingdom, and the United States, as well as 81% of German businesses.
According to the report, 89% of regulated business businesses are eager and able to invest in advanced security technologies, with the financial services sector lagging behind slightly.
Concluding Words
Your computer systems contain a number of firmware, from webcams to sound cards to batteries, so its protection cannot be compromised at any cost. A significant disparity has been identified between investments in firmware protection and other critical security areas, implying that proper resource allocation is needed.
Although timely firmware updates can help reduce downtime and improve end-user efficiency, experts say that it can also free up security teams to focus on other projects, allowing companies to diversify their security investments.