Security News > 2021 > March > Microsoft: Firmware Attacks Outpacing Security Investments
According to a new Security Signals report released Tuesday by Microsoft, a whopping 80 percent of businesses reported "At least one firmware attack" in the past two years but only 30 percent allocated any budget spend on firmware protection.
Businesses aren't paying close enough attention to securing this critical layer, says David Weston, Microsoft partner director of OS security.
Microsoft commissioned a study of 1,000 enterprise security decision makers from around the world and the results confirmed that the bulk of current security spending goes to applying patches, vulnerability scanning, and advanced threat protection products that traditionally miss signs of infections below the operating system.
"Security teams are too focused on outdated"protect and detect" models of security and are not spending enough time on strategic work - only 39% of security teams' time is spent on prevention and they don't see that changing in the next two years.
"Seventy-one percent said their staff spends too much time on work that should be automated, and that number creeps up to 82% among the teams who said they don't have enough time for strategic work. Overall, security teams are spending 41% of their time on firmware patches that could be automated," the study found.
Microsoft is pushing its own secured-core PC concept, encouraging businesses to to invest in chip-level security and new automation and analytics capabilities.
News URL
Related news
- CISA warns of Microsoft Streaming bug exploited in malware attacks (source)
- Microsoft Copilot for Security prepares for April liftoff (source)
- Microsoft’s Security Copilot Enters General Availability (source)
- DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack (source)
- New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT (source)
- Microsoft confirms memory leak in March Windows Server security update (source)
- 17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns (source)
- Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online (source)
- Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online (source)
- Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack (source)