2 min

According to Microsoft, 80 percent of companies have experienced an attack on their firmware in the last two years. However, only a small part of the security budget is dedicated to protecting this data.

This is according to the Security Signals report written by Microsoft for March 2021. In it, Microsoft states that less than one-third of security budgets are focused on protecting firmware. Instead, the investments appear to be going more towards security updates, vulnerability scanning and Advanced Threat Protection solutions.

Lack of awareness

“Yet despite this, many organizations are concerned about malware accessing their system as well as the difficulty in detecting threats, suggesting that firmware is more difficult to monitor and control. Firmware vulnerabilities are also exacerbated by a lack of awareness and a lack of automation.”

Firmware is located below the operating system and cannot be monitored by antivirus software, for example. Nevertheless, it is important that the firmware is secure, as login data and encryption keys are stored there. If an attacker has already managed to compromise the firmware before the boot process starts, it is very difficult to detect.

Firmware insufficiently secured

Microsoft, therefore, thinks that far too little is being done to secure firmware. The report shows that 36 percent of the companies invest in hardware-based memory encryption and 46 percent in hardware-based kernel protection. Security teams focus more on a “protect and detect” model, spending only 39 percent of their time preventing intrusions.

Of the more than 1,000 IT decision-makers surveyed, 82 percent said they do not have enough resources available to do such work, as they are too busy patching devices, hardware upgrades and mitigating internal and external vulnerabilities, writes ZDNet.

Firmware protection from Microsoft

Microsoft itself has released a line of Secured Core PCs. These PCs must be protected against malware that attacks the code of motherboards. It has also added a UEFI scanner to Defender ATP.