Hybrid working leaves IT departments scrambling to shield against 'destructive' firmware attacks

hybrid working
(Image credit: Shutterstock / Elena Istomina)

As the workforce becomes more distributed, the dynamics around firmware security and how IT teams handle it is changing, a new report from HP Wolf Security says, adding that IT departments are facing an uphill battle.

Firmware is essentially software, but built directly into the hardware. It doesn’t require an operating system, drivers, or APIs. Instead, it’s the firmware that guides the device as it executes its tasks and communicates with other devices. 

The poll of 1,100 IT leaders discovered that for more than eight-in-ten (83%), firmware attacks against laptops and PCs are now a significant threat. Furthermore, for three-quarters (76%), firmware attacks against printers are also a major threat.

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022

<a href="https://polls.futureplc.com/poll/2022-cybersecurity-survey" data-link-merchant="polls.futureplc.com"" target="_blank">Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the <a href="https://polls.futureplc.com/poll/2022-cybersecurity-survey" data-link-merchant="polls.futureplc.com"" data-link-merchant="polls.futureplc.com"" target="_blank">end of this survey to get the bookazine, worth $10.99/£10.99.

 Shadow IT 

The same report also states that managing firmware became harder, and is now taking longer, which is also creating security gaps. For two-thirds (67%) of respondents protecting, detecting, and recovering from firmware attacks has become harder and longer, all due to remote working being the norm.

As a result, four in five worry about being able to respond to endpoint firmware attacks.

Adding insult to injury is the fact that for many organizations, device security is not always front and center, HP further found. Many organizations, the report states, are still using technology without baked-in security. What’s more, employees are constantly engaged in Shadow IT (using gear and software that wasn’t approved of, by the IT), especially when working remotely. 

In fact, 68% of office workers that purchased devices to support remote work said they weren’t paying much attention to security. Almost half (43%) did not call the IT department to have their new gear set up.

For Dr. Ian Pratt, Global Head of Security for Personal Systems at HP, firmware attacks are extremely disruptive as they’re harder to detect and remediate, compared to traditional viruses, or malware

“This increases the cost and complexity of remediation considerably, particularly in hybrid environments where devices are not on site for IT teams to access. Having more endpoints sitting outside of the protection of the corporate network also reduces visibility and increases exposure to attacks coming in via unsecured networks,” Pratt concluded.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.