Cybersecurity resembles an evolving guerrilla war in which companies do not know where attackers are going to strike. Companies want to secure software, hardware and firmware alike, but they give priority to software.
Recently, Microsoft commissioned a study showing that companies do not give firmware attacks enough weight in their cybersecurity investments. According to the Redmond firm, a lack of automation and investment leads to a lack of focus on firmware. The first edition of the Security Signals report, dated March 2021, shows that 83% of organizations have experienced at least one firmware attack in the past two years. The study also shows that current investments go to security updates, vulnerability scanning, and advanced threat protection solutions. Despite this, many organizations are concerned about malware gaining access to their systems and about the difficulty of detecting threats, which suggests that firmware is more difficult to monitor and control.

Nuisances distributed equitably
However, most security decision-makers consider a breach in any security category (software, hardware, or firmware) to be disruptive and allocate their budgets accordingly, devoting about a third of their security budget to each category. Software is considered the most vulnerable to threats, with 63% of organizations ranking it ahead of hardware and firmware. Hardware is cited by 20% of respondents and firmware by 17%. Yet even though respondents do not show the same concern for the different vulnerabilities, they rank the possible harms at almost the same level. When asked about the disruption an attack could cause, respondents place firmware almost level with software and hardware: 73% for firmware, 75% for hardware, and 78% for software.

More automation and buried security

However, the tide is starting to turn against firmware exploits. According to Microsoft, “there is a growing awareness of the problem around the world, a new willingness to invest in protective measures, and the emergence of a new category of hardware with buried security, which offers companies chip-level security and new automation and analytics capabilities,” the report explains. Thus, security budgets should be allocated to more proactive measures. While current security budgets are spent on measures that block attackers, such as firewalls, servers, and advanced threat protection, businesses know they need to take more proactive steps to protect themselves. Two years from now, they plan to invest more in AI/ML, zero trust, 5G devices, and Trusted Execution Environments (TEEs) to better predict attacks and enable greater productivity for their staff. Importantly, those who have admitted to having suffered a malware attack better understand the impact of a breach and channel more investment into security in general.