New Security Signals study shows firmware attacks on the rise; here’s how Microsoft is working to help eliminate this entire class of threats – Microsoft Security
The March 2021 Security Signals report showed that more than 80% of enterprises have experienced at least one firmware attack in the past two years, but only 29% of security budgets are allocated to protect firmware.
Asaf Karas, CTO at Vdoo:
“Firmware vendors and OEMs should not only rely on external protection mechanisms implemented at the OS level to stop exploitations, but improve their firmware and device security by design. This should be done by continuously analyzing the firmware security posture during the SDLC process and, even more importantly, in its production state before distribution because this is the state in which attackers see it when they search for vulnerabilities. Firmware analysis tools enable both vendors and asset owners to detect security issues early in the process, thus simplifying and lowering their remediation cost.”
Michael Tsai, senior product manager at OneLogin:
“This report does not surprise me at all. End-user devices, whether managed or not, are the new IT perimeter, and with the paradigm shift to work from anywhere, both IT and security teams need to consider the added threat landscape, both at the software and firmware level of these devices. This is why implementing a Zero Trust Security model is crucial now and into the future. It’s not enough to just validate the end-users’ credentials, you must evaluate the trust status of the devices as well, before granting access to critical resources. Coupling it with anomaly detection across device endpoints and continuing to expand the detection capability will help strengthen the protection required for this new frontier.”