Hybrid working leaves IT departments scrambling to shield against 'destructive' firmware attacks

(Image credit: Shutterstock / Elena Istomina)

As the workforce becomes more distributed, the dynamics around firmware security and how IT teams handle it is changing, a new report from HP Wolf Security says, adding that IT departments are facing an uphill battle.

Firmware is essentially software, but built directly into the hardware. It doesn’t require an operating system, drivers, or APIs. Instead, it’s the firmware that guides the device as it executes its tasks and communicates with other devices.

The poll of 1,100 IT leaders discovered that for more than eight-in-ten (83%), firmware attacks against laptops and PCs are now a significant threat. Furthermore, for three-quarters (76%), firmware attacks against printers are also a major threat.

Shadow IT

The same report also states that managing firmware became harder, and is now taking longer, which is also creating security gaps. For two-thirds (67%) of respondents protecting, detecting, and recovering from firmware attacks has become harder and longer, all due to remote working being the norm.

As a result, four in five worry about being able to respond to endpoint firmware attacks.

Adding insult to injury is the fact that for many organizations, device security is not always front and center, HP further found. Many organizations, the report states, are still using technology without baked-in security. What’s more, employees are constantly engaged in Shadow IT (using gear and software that wasn’t approved of, by the IT), especially when working remotely.

> These are the best patch management tools around

> Your HP printer could be facing the risk of a serious cyberattack

> Beware - your old router could be putting you at risk of cyberattack

In fact, 68% of office workers that purchased devices to support remote work said they weren’t paying much attention to security. Almost half (43%) did not call the IT department to have their new gear set up.

For Dr. Ian Pratt, Global Head of Security for Personal Systems at HP, firmware attacks are extremely disruptive as they’re harder to detect and remediate, compared to traditional viruses, or malware.

“This increases the cost and complexity of remediation considerably, particularly in hybrid environments where devices are not on site for IT teams to access. Having more endpoints sitting outside of the protection of the corporate network also reduces visibility and increases exposure to attacks coming in via unsecured networks,” Pratt concluded.

Safeguard your remote workforce with the best ransomware protection services

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.