The ongoing cybersecurity crisis is compounded by hybrid work arrangements with employees far from the shelter of corporate networks.
According to IDC, North American technology leaders agree that, for better or for worse, hybrid work is here to stay. And it poses particular risks for enterprises coping with a steadily rising tide of threats. That’s because endpoints such as laptops serve as inviting targets for cyberattacks.
According to Vedere Labs, computers represent the sixth most risky IT asset, scoring 8.5 out of 10 on the Common Vulnerability Scoring System (CVSS). And within devices, firmware is increasingly under attack. For example, the Unified Extensible Firmware Interface (UEFI) — a low-level firmware that helps secure devices before the operating system loads — faces new threats. Before 2021, researchers recognized just two types of UEFI malware. Today, there are at least five.
Meanwhile, digital transformations and industry 4.0 are adding millions of new devices to the potential attack surface. These attacks hit enterprises in another vulnerable area: software supply chains. “Two of the biggest attacks in the last two years have been related to supply chains,” says Akash Malhotra, head of security product management at AMD.
Supply chain attacks — including the high- profile SolarWinds hack — compromise one component of the software stacks enterprises depend on to gain access to others. “It’s not so much that they’re new,” Chuck Schalm, commercial business development leader at AMD, says of supply chain attacks. “It’s just that the severity is heightened now more than five years ago.”
A multilayered approach to security, which helps secure hardware and software at every level, can go a long way toward countering these threats and others to come. That’s because a layered approach does not depend on any single component for effective security.