Businesses lack programmes to address firmware vulnerabilities

An increase in connected devices as part of organisations' hardware footprint, combined with increasingly inventive attack methods from cybercriminals, has brought the security of firmware - the hard-coded software frequently stored in Read-Only Memory - into the spotlight. A new study, "Firmware Security Risks and Mitigation, Enterprise Practices and Challenges", from global business technology and cybersecurity association ISACA reveals that while organisations are increasingly aware of the growing importance of firmware security, most businesses lack comprehensive programmes that can address firmware vulnerabilities within their infrastructure.

Justine Bone, director and CEO, MedSec, says, "The evidence is showing us that attackers are targeting firmware - many breaches and vulnerability discoveries these days can be attributed to firmware problems. Solutions are emerging, but most enterprise environments remain unprepared. While it's clear that knowledge is power in this instance, it's also evident from this research that company culture and overall attitude to security is a major contribution to vulnerability."