The October 2016 CSX North America Conference was a "resounding success," according to the ISACA conference webpage. Attendees left armed with information on key issues facing the industry, including how more qualified people are needed, the importance of cybersecurity is not fully appreciated, the global infrastructure is at risk and mobility increases vulnerability. Attendees also discussed an item close to our heart: the overlooked security threat of firmware.
A Federal News Radio post, sponsored by the ISACA, explained that, "Firmware is software embedded in devices like printers, cameras, routers, scanners, etc. [and] Justine Bone, CEO of MedSec reported, 'Attackers are targeting firmware — many breaches and vulnerability discoveries these days can be attributed to firmware problems.' An ISACA study confirmed few organizations are prepared and firmware is highly vulnerable to cyberthreats. The study showed only 13 percent of security professionals’ enterprises have fully implemented controls for firmware."
We couldn't agree more. But, there are ways to combat vulnerabilities - including training for embedded firmware developers, engineers and other staff. There are also testing and tools that can be used to protect unsecured devices.
Proactive and progressive companies are opting to not overlook the security threat of firmware. Rather, they're actively working with providers to leverage services and tools that strengthen their embedded devices against possible cyber attacks.