Kaspersky comment: Should firms be more worried about firmware cyber-attacks?
April 2021 by David Emm, principal security researcher at Kaspersky
Following the recent story ‘Should firms be more worried about firmware cyber-attacks?’, below is a comment from David Emm, Principal Security Researcher at Kaspersky, on the topic of firmware:
“For a lot of companies, business continuity may be prioritised over security, especially if that organisation has so far not faced major incidents. It’s vital that all organisations assess the risks they face, including the data they hold on their customers, and take appropriate steps to mitigate those risks. This is especially crucial given that the latest Cyber Security Breaches Survey shows that four in 10 businesses (39%) have faced cybersecurity breaches in the last year. A key aspect of corporate defence is to ensure that operating systems and applications are applied in a timely manner, to prevent cybercriminals from exploiting any vulnerabilities they discover in software. In recent years, some of the most sophisticated threat actors have also sought to compromise firmware – including this case where attackers modified a UEFI firmware image. While such activity is currently the preserve of the most sophisticated attackers, it makes sense for companies to include firmware updates as part of their patching process.”