Firmware cyber-attacks: the next big thing?

Published 9 April 2021

An interesting article on BBC News highlights a lesser-known, but potentially devastating, cyber-threat for medium to larger businesses – a hack into their computer firmware. A survey conducted by Microsoft has found that 80% of firms have experienced a firmware attack in the past 2 years, but less than a third of security budgets are allocated to protect firmware. In addition, the US National Institute of Standards and Technology has recorded a 5-fold increase in firmware attacks in the last 4 years. Covid lockdown has created an environment where the time and trouble needed to arrange such an attack have become much less of a problem for cyber-criminals.

Firmware is the inbuilt code which controls each component in a PC. It is harder to access than software, but if it is infiltrated the compromise can be almost impossible to detect, and may leave no trace. Regular patch updates for the firmware as well as the software can reduce the risk of an attack succeeding, but because firmware patching is more complicated to put in place, it may be overlooked or delayed.

While the risk is only likely to be significant for medium to large-sized businesses, it is clearly a growing threat that should be considered as part of the data risk management strategy of all larger businesses. With more staff working from home and connecting remotely to work servers, each external device which connects provides an opportunity for hackers. Steps that should be taken include a review of how and through which devices employees connect to the central system, a reassessment of technical and organisational cyber-security measures to ensure that firmware protection is given sufficient prominence, and further training for employees to raise awareness of the risks and ensure that they take the necessary steps to keep any authorised personal devices up to standard with recommended protection measures. This last step is perhaps the most important, since most cyber-breaches and data breaches occur as the result of human error, inattention or carelessness.

https://www.bbc.co.uk/news/business-56671419
