The BBC has questioned whether Microsoft’s publication of a post claiming that firmware attacks are on the rise is a red herring to distract from the issues the company is having with Microsoft Exchange Server.
But on closer examination it looks like Redmond has some new toy to sell and that is the reason why it has started the talk about firmware security.
The software behemoth claimed in a study done for it by Security Signals, in the US, UK, Germany, Japan and China and covering 1000 tech decision-makers, that 80% of the firms had seen at least one firmware attack in the last two years. Yet, only 29% of security budgets were devoted to protecting firmware.
I’ve been really steering clear of the “firmware attacks” claims…i don’t believe the community would even agree on what “firmware” is, let alone be able to distinguish attacks on firmware. Embedded OS’s aren’t traditionally “firmware”.
— nluedtke (@nluedtke1) April 6, 2021
BBC business reporter Mary-Ann Russon wrote: “However, the new report comes on the back of a recent significant security vulnerability affecting Microsoft’s widely-used Exchange email system.
“And the computing giant launched a range of extra-secure Windows 10 computers last year that it says will prevent firmware from being tampered with.
“So is this just an attempt to divert attention and sell more PCs, or should businesses be more worried?”
Kevin Beaumont, a Microsoft researcher and a well-known security figure, pointed out in a tweet that some of his CISO friends did not seem to know what firmware was.
“I did a poll of some CISO friends about if they’ve been hit with firmware attacks, and most said yes,” he wrote.
“So I asked for details. They had VPNs (e.g. Pulse Secure), WAFs etc owned, and needed to ‘firmware upgrade’, vendor description. Actually software upgrade to an appliance.”
And he added: “Linux appliance upgrades have been termed by vendors as firmware upgrades, when really it’s OS and software upgrades.”
Towards the end of the study, the reason why Microsoft was going on and on about firmware security became apparent.
“With our partners, Microsoft has created a new class of devices specifically designed to eliminate threats aimed at firmware called Secured-core PCs,” the Microsoft Security Team wrote.
“This was recently extended to Server and IOT announced at this year’s Microsoft Ignite conference.
“With Zero Trust built in from the ground up, this means security device managers will be able to invest more of their resources in strategies and technologies that will prevent attacks in the future rather than constantly defending against the onslaught of attacks aimed at them today.”
And to drive home the point, the Microsoft post said: “The SDMs in the study who reported they have invested in secured-core PCs showed a higher level of satisfaction with their security and enhanced confidentiality, availability, and integrity of data as opposed to those not using them.”
I have always referred to Microsoft as a marketing company first, and then a technology company. Posts like this tend to justify that conclusion.
GRAND OPENING OF THE ITWIRE SHOP
The much awaited iTWire Shop is now open to our readers.
Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.
PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.
Products available for any country.
We hope you enjoy and find value in the much anticipated iTWire Shop.
ENTER THE SHOP NOW!
INTRODUCING ITWIRE TV
iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.
We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.
In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.
We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.
See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.
SEE WHAT’S ON ITWIRE TV NOW!