Microsoft says businesses aren't doing enough to fight firmware attacks

Microsoft says that businesses aren't paying enough attention to securing systems against firmware attacks. The company shared the results of a commissioned study that shows that "attacks against firmware are outpacing investments targeted at stopping them."

The March 2022 Security Signals report states that while 80% of enterprises have experienced at least one firmware assault in the past two years, only 29% of security budgets are allocated to protect firmware.

Security Signals is a written report based on interviews with 1,000 enterprise security determination makers (SDMs) from several industries in the U.S., UK, Germany, Cathay, and Japan.

According to the report, organizations invest in security updates, vulnerability scanning, and advanced threat protection. Protecting against firmware attacks is complicated. Firmware sits below a PC's operating organization and isn't scannable by antivirus software on many devices. Microsoft discusses this in its blog post:

Firmware, which lives below the operating organization, is emerging equally a primary target considering it is where sensitive data like credentials and encryption keys are stored in memory. Many devices in the market today don't offering visibility into that layer to ensure that attackers haven't compromised a device prior to the kick process or at runtime [below] the kernel. And attackers have noticed.

Part of the problem, co-ordinate to the study, is that security teams use an outdated reactive model to threats:

Security Signals also establish that security teams are besides focused on outdated "protect and observe" models of security and are not spending enough time on strategic work — only 39% of security teams' time is spent on prevention and they don't see that irresolute in the next two years. The lack of proactive defense investment in kernel set on vectors is an case of this outdated model.

Microsoft created a new class of devices chosen Secured-core PCs, including Microsoft'south own Surface Pro X. These devices take multiple levels of protection at a hardware, firmware, and software level. Quite a few PC manufacturers make Secured-cadre PCs, including Acer, ASUS, Dell, Dynabook, HP, Lenovo, and Microsoft.

Don't buy Elden Ring on the hype alone — read this first

An Elden Question

Don't buy Elden Band on the hype alone — read this commencement

Elden Ring is an incredible game, only it may non be a bang-up experience if you don't know what you're getting into. Here are some thoughts on how all-time to make up one's mind whether to buy Elden Ring, if yous haven't yet decided.