TLDR:
Cybersecurity consultancies are leaving corporations exposed to firmware attacks by hackers, according to cybersecurity expert Michael Marcotte. The outsourcing model relied upon by many corporations is not an effective solution to cybersecurity threats. The cybersecurity consultancy sector is growing and set to reach $344bn worldwide by 2030, but this growth is not solving the root issues. Marcotte argues that corporations need to invest in-house to properly protect their firmware and defend against cyberattacks. State-backed hacking groups are a grave danger and are targeting firmware, but executives are not taking enough action to address the problem. Increasing cybersecurity funding and resources for internal IT teams is key to addressing this issue.
Microsoft’s recent corporate system breach by a Russian state-sponsored hacking group highlights the shortcomings of the cybersecurity outsourcing model. Executives are now desperate for a quick fix to reassure investors, leading to an overreliance on cybersecurity consultancies. However, this is not a viable solution and corporations need to develop their cybersecurity capabilities in-house. The cybersecurity consultancy sector is growing rapidly, but CEOs and executives lack the necessary understanding of cybersecurity to effectively combat cyberattacks. While compliance-based policies and employee training are important, corporations need to significantly increase their internal cybersecurity funding and resources to properly defend against firmware attacks.
Firmware attacks are a growing concern, with state-backed hacking groups such as Nobelium and BlackTech targeting corporate firmware to gain access and expose trade secrets. Corporations are putting themselves at risk by not adequately addressing the threat posed by these hacking groups. IT professionals have the knowledge to protect firmware, but lack the resources to effectively defend against highly sophisticated and well-funded hacking groups. Corporations must move away from their reliance on cybersecurity consultancies and focus on developing in-house cybersecurity capabilities.