The importance of firmware security in our ever-connected era

If it is obvious that, most businesses don’t have comprehensive programs to tackle firmware security risks, I can recall that, organizations are increasingly aware of the growing importance of firmware security.

Attackers are increasingly targeting firmware, and Solutions are emerging to address firmware vulnerabilities within your IT infrastructure.

Organizations need to foster increasing cooperation and communication between IT departments and audit professionals, and establish robust controls for hardware lifecycle management.

The study, Firmware Security Risks and Mitigation, Enterprise Practices and Challenges, highlights the importance of establishing robust security management controls and auditing practices for firmware.

I can observe that, the report notes several tips to prevent attacks on firmware for the enterprise:

• Wherever possible, look for manufacturers that allow the enterprise to independently validate the integrity of their devices (servers, network, storage, IoT).
• Segregate devices into trust zones that allow the organization to operate trusted devices separate from untrusted or untrustable devices.
• Establish a firmware update policy.
• Because continuous monitoring is paramount, acquire systems and technologies specifically for monitoring the integrity of devices via the network, leveraging trusted technologies like Trusted Platform Module (TPM).

More information on the firmware report and a firmware security assessment for enterprises can be found at www.isaca.org/firmware.