We still hear about successful attacks far too often, but companies are undeniably getting better at defending against them.
Unfortunately, the same cannot be said of firmware attacks, which are growing increasingly common.
In fact, according to the first ever Security Signals report published by Microsoft in March of 2021, fully 80 percent of the businesses surveyed reported having been on the receiving end of a firmware attack in the last two years. However, less than one third of surveyed companies have money in their IT budgets specifically earmarked for the detection and prevention of such attacks.
Worse still, is the fact that firmware attacks are favored by State-sponsored hacking groups. They are well funded and even better organized, and they tend to be much trickier to deal with than conventional malware attacks.
Put these various pieces together and a disturbing picture begins to form. So many resources are being directed toward keeping existing software fully patched and up to date. Most of the rest are being aimed at detecting and preventing malicious software attacks, but little, if anything is left over to prevent firmware attacks. This creates a tremendous weak spot in the IT Security armor surrounding most companies these days.
Given that hackers generally target the weakest links in any security system, that's setting businesses across a wide range of industries up for failure. That is because while firmware not currently the attack vector preferred by most hackers around the world, there's nothing preventing them from shifting gears any time they want to.
All that to say, if you're not currently paying much attention to firmware threats, you should probably start. If you don't, you're leaving yourself wide open to attack and unnecessarily vulnerable. It's going to be a long year. Stay vigilant.