According to a published report by Dell, penetration into the cyber environment using vulnerabilities at the hardware level has recently become quite popular among hackers.
Not to say that this was such a closed topic – these vulnerabilities have been known for many years; but only now, with increased protection at the software level and implemented everywhere corporate systems for tracking security loops-such options as the use of loopholes in the hardware of both computers and network equipment have become more relevant.
At the same time, despite the critical nature of the level of attacks at the hardware level, only 59% implemented a hardware protection strategy.
And this is despite the fact that 63% of companies said that they had experienced at least one incident of information leakage during the year due to vulnerabilities in hardware protection.
With the increase BIOS memory – and, respectively, with the increase in there code, plus appeared in recent years, the possibility of software updates from the local network and the Internet – and, of course, the appearance of the ready channels of communication with the motherboard as computers and laptops, and all networking equipment has its own operating system (and not only – it printers, scanners, multifunction devices, SIM cards and more – importantly, to present OSes)…
Of course, network equipment manufacturers try to keep up with the times. But often their strategy is not so much in patches (patching “holes” in software, but rather in providing a paranoid level of secrecy in everything that concerns the functioning of their equipment – up to receiving encrypted update files via email). Of course, this brings quite a lot of benefits – without having information about the system, it is quite difficult to remotely collect the necessary amount of data to organize hacking with high-quality hardware protection. But, as usual, the weakest link in the protection of information is a person, and therefore the frequent cases of hacking companies that specialize in protecting information are extremely indicative. After all, they have a lot of data on the basis of which the security audit of many companies is conducted with a full description of hardware and software, schedules and security strategies…
…From the report data: 47% of the surveyed company representatives said that over the past year they have received at least two incidents at the hardware level, and most of them were carried out with the help of external attacks – 29%, phishing -43%, when exploiting software vulnerabilities – 41%, as well as web applications-40% or mobile malware – 38%…
Consequences of this policy of company management: these violations can lead to harmful consequences, including
– loss of confidential data (52%);
– financial losses related to system downtime (39%);
– slow it recovery time (36%);
– and failures that affect systems served by customers (35%).
However, it is encouraging to see that almost everyone has declared hardware security in their IT systems as a top priority for the coming year.
By investing in stricter security measures, organizations will see significant benefits. Companies reported major benefits, such as increased overall security of their businesses (55%), reduced equipment costs (39%), increased business continuity (44%), and accelerated digital transformation initiatives (42%).
This is where security at the chip level comes out in the first place – and it becomes clear that corporations-users of IT products want to understand what they are buying and someone has a company that produces a product in our time is not ready to be responsible for the entire production cycle, such a product is always the fruit of complex technologies, with a load of various patents and factories scattered around the world for the production of various components – and it is not always possible to understand the level and number of “engineering inputs” to the chip, intended most often for testing equipment, and how this will affect the ultimate security of a particular device.
By 2020, cybersecurity is becoming more sophisticated due to several factors-starting with the pandemic, the transition of many companies to remote office mode, and the undoubted improvement in the quality of software implemented during the pandemic to ensure the security of remote activities of corporate employees around the world.
As another new component – with the increase in free time, a new hobby appeared – deepfakes based on artificial intelligence. Adding this type of entertainment to the potential of the soon widespread introduction of 5G networks, especially with the developing and waiting for the speed of the Internet of things – we should expect more and more ways of hacking at various levels. Some deepfakes with fake voices and videos with executives can bring a completely unforgettable experience with completely practical consequences in the form of reputational and financial losses…
Thus, the concept of a single direction and security standard comes out in the first place, can at the level of the blockchain and, if possible, two – factor authentication of both a person and devices for correct activity both at the level of access and privileges in systems.