Security News > 2022 > June > Destructive firmware attacks pose a significant threat to businesses

Destructive firmware attacks pose a significant threat to businesses
2022-06-29 04:00

The threat of firmware attacks is a growing concern for IT leaders now that hybrid workers are connecting from home networks more frequently: With hybrid or remote work now the norm for many employees there is a greater risk of working on potentially unsecure home networks meaning that the level of threat posed by firmware attacks has risen.

More than eight-in-ten IT leaders say firmware attacks against laptops and PCs now pose a significant threat, while 76% of ITDMs said firmware attacks against printers pose a significant threat.

Managing firmware security is becoming harder and taking longer in the era of hybrid work, leaving organizations exposed: More than two-thirds of IT leaders say protecting against, detecting, and recovering from firmware attacks has become more difficult and time-consuming due to the increase in home working, with 64% saying the same of analyzing the security of firmware configuration.

Despite the clear risks that destructive firmware attacks pose to organizations, device security is not always a major consideration in the hardware procurement process, with many organizations continuing to use technologies that are not built with security in mind.

Boris Balacheff, Chief Technologist for Security Research and Innovation at HP Labs comments: "Security must become part of the procurement process when purchasing new IT devices. Organizations need to play the long game, because the devices you procure today will be the environment you have to manage and protect tomorrow. State-of-the-art device security delivers protection for firmware against malware as well as physical tampering, with detection both below and above the OS and autonomous self-healing recovery from the hardware up - but this will only help address the issue for organizations that know to ask the right questions when they procure new devices."

Balacheff concludes: "As attackers continue to invest in the capability to attack and disrupt PCs and other OT and IoT devices at the firmware level, organizations also need to learn how to monitor the state of the art in device security to keep updating procurement security requirements accordingly. This is what will enable leading organizations to stay ahead of emerging threats and protect, detect and remediate firmware attacks at scale in the era of hybrid work."


News URL

https://www.helpnetsecurity.com/2022/06/29/destructive-firmware-attacks-threat-to-businesses/