“Firmware attacks are not common on a day-to-day basis, but that’s because people don’t realise they’re being infected by such an attack,” says Mr Boyd.
“It’s like when ransomware first came onto the scene – people didn’t know of anyone who was infected by it, and if big organisations were, they wouldn’t tell anyone about it, as there was an element of shame, not wanting their clients to know they’d been infected.”
Mr Boyd adds that a new generation of “budding hardware enthusiasts” who have been learning their way around firmware by “modding video game consoles over the last decade” could well pose additional threats to enterprise cyber-security going forward – a point Mt Cirlig fervently agrees with, since he hacked the firmware in his own car when he was younger.
“Microsoft is right to raise this as a major issue, because we need to bring firmware designers and operational technologies along the journey of cyber-security, the way we have with software companies,” says Mr Potter.
“As we connect more things to the internet, we’re connecting a lot more devices that haven’t been designed with cyber-security in mind. And if the trend continues, bad guys will go after it.”