Back to Blog
15 Jun 2021

Firmware attacks: Why they shouldn’t be in the back of your mind

Recently the cyber security landscape has been highly characterised by phishing attempts and ransomware attacks. But how aware are you of the increase in firmware attacks? It’s an advanced and emerging attack, and Microsoft’s Security Signals report has found that more than 80% of enterprises have experienced at least one firmware attack in the last two years.


Why firmware attacks are a rising concern

80% is a worryingly high amount. Yet only 29% of security budgets are allocated to protect against firmware attacks. That’s 71% of budgets not taking the severity of firmware attacks seriously, and that isn’t the category you want to be in!

Firmware is simple software that’s in every piece of hardware. The reason why it’s a large risk is because firmware producers don’t take security into account when designing it, meaning it can be easily exploited by attaching a code which can go undetected. In a nutshell, the malware will be hidden in the firmware code, and it’s becoming a popular method for malicious actors which is why it’s crucial for businesses to act now.

Gartner reports that 70% of organisations lacking a firmware upgrade plan will be breached by 2022 due to firmware vulnerabilities 

Most businesses are allocating their budgets into security updates, vulnerability scanning and advanced threat protection solution. These businesses aren’t doing anything wrong as such, after all they all contribute to protection. But firmware sits below the operating system, that’s also where credentials and keys are stored in memory, which essentially means it’s not identifiable with antivirus and other technologies.


How to protect your business from the growing threat

The best way to keep your business protected from firmware attacks is to firstly allocate budgets to this threat and put it on the priority list with ransomware and phishing.

To actually prevent this attack is to simply ensure that your firmware software is always up to date and you’re using the latest standard. If you’re thinking about purchasing new hardware for your staff, then its probably best to let your procurement team know that you want to purchases hardware that specifically includes advanced firmware security. This will help limit vulnerabilities to your business.

Remember to also educate staff to not plug in USB’s that they don’t recognise! You never know what malicious software is sitting in USB devices, planted to make use of firmware storage. This can also go undetected with traditional scanning methods. Physical security training should be giving importance and practiced across all business just as much as knowledge based security awareness training.

Looking to find out more about firmware attacks? Speak to our cyber security experts today.

By OryxAlign