The next big cybersecurity battleground is going to be in firmware. A new report by global business technology and cybersecurity association ISACA says organisations are increasing their hardware footprint through the introduction of IoT, which is now putting firmware in cybersecurity's focus. Criminals, on the other hand, are getting more creative, only making things more difficult.
The saddening statistic is that every company surveyed by ISACA reported at least one incident. However, 52 per cent of those that kept regular tabs on their devices’ firmware reported at least one such incident, while among those that did not – 73 per cent reported a similar incident. Not being educated on the matter doesn’t help either – among those with a lack of knowledge, 71 per cent felt unprepared to deal with cyberattacks.
“We are seeing more and more that firmware security is no longer a theoretical problem,” said Justine Bone, Director and CEO, MedSec.
“The evidence is showing us that attackers are targeting firmware—many breaches and vulnerability discoveries these days can be attributed to firmware problems. Solutions are emerging, but most enterprise environments remain unprepared. While it’s clear that knowledge is power in this instance, it’s also evident from this research that company culture and overall attitude to security is a major contribution to vulnerability.”
Almost two thirds (63 per cent) of those believing their company is fully compliant with firmware audits reported higher effectiveness on managing patches. More than half of those (51 per cent) that had no feedback also reported no controls for firmware integrity monitoring.
Image Credit: Shutterstock/Bakhtiar Zein