Cybersecurity threats are on the rise if no safety measure is taken, the new Microsoft’s inaugural Security Signal report shows more than 80% of the enterprises have experienced at least one firmware attack in the past 2 years, and it’s reported that only 29% of the security budgets, less than a third are allocated to protect firmware.
Firmware, a low-level software operating the hardware of a microprocessor-based device, but firmware attacks is very hard to deal with, a report from Security Signal has assembled numerous interviews from a thousand enterprises security decision-makers in different countries, it shows that the investment went to security update, vulnerability scanning, and advanced threat protection solutions. "Yet despite this, many organizations are concerned about malware accessing their system as well as the difficulty in detecting threats, suggesting that firmware is more difficult to monitor and control. Firmware vulnerabilities are also exacerbated by a lack of awareness and a lack of automation," Microsoft notes.
It's difficult to detect is because firmware lives under the operating system, a place where credentials and encryption keys are stored in memory, and also, it’s not visible to the antivirus software. Security Signals survey found that 36% of the businesses invest in hardware-based memory encryption, 39% of the security teams’ time is spent on prevention. More than 82% of the enterprise security decision-makers said they don’t have enough resources to allocate on the vulnerable security work, as they are focusing on dealing with patching, hardware upgrades, and internal and external vulnerabilities.