Should firms be more worried about firmware cyber-attacks?

I’ll bet you’ve got equipment that hasn’t had a firmware update in years, even decades. The BBC tries to explain why this is an issue but I’d add that you need to be able to detect movement around your network, especially between IT and OT systems…:

The National Institute of Standards and Technology (NIST), an agency within the US Department of Commerce, continually updates a National Vulnerability Database (NVD) with new security flaws.

The database has recorded a five-fold increase in attacks against firmware in the last four years.

Coronavirus lockdowns in multiple countries have led to multiple employees working from home and connecting remotely to work servers. Each one of those computers and mobile devices is an opportunity.


Original article