Microsoft yesterday published a survey, conducted in August last year, of 1,000 decision makers involved in cybersecurity at companies in the United States, United Kingdom, Germany, China and Japan. Titled Security Signals, the survey shows that more than 80% of companies have experienced at least one firmware attack in the past two years – and unfortunately only 29% of security budgets are allocated to firmware protection.
The study showed that current security investment is going to updates, vulnerability scanning and advanced threat protection solutions. However, the document says, “many organizations are concerned about the access of malware to their system, as well as the difficulty in detecting threats, suggesting that the firmware is more difficult to monitor and control. Firmware vulnerabilities are also exacerbated by a lack of awareness and automation”.
But the tide, the report argues, may be starting to turn against firmware exploits: “There is a growing awareness of the problem worldwide, a new willingness to invest in protections and an emerging class of secure core hardware is showing the potential to empower organizations with chip-level security and new automation and analytics capabilities.”
The post announcing the report states that Microsoft “created a new class of devices designed specifically to eliminate firmware-oriented threats, called secure-core PCs. This was recently extended to Server and IoT, announced at this year’s Microsoft Ignite conference.”
The report’s most important conclusion is that “companies want to have more proactive security strategies in place, especially when it comes to dealing with firmware attacks. Microsoft is working to address this need in partnership with leading PC manufacturers and silicon suppliers to establish a proactive strategy regarding device security. Ultimately, companies that align their resources to develop such preventive strategies will have a better chance of business continuity, productivity and protection against emerging threats.”
With international news agencies
Source: CisoAdvisor