Microsoft today announced a series of new, ultra-secure, Windows-powered PCs to protect customers that handle highly sensitive information from cyberattacks.
Protecting firmware, which is responsible for booting up hardware and software, is a focal point of the new “Secured-core PCs.” Firmware has become an increasingly popular target for hackers because those types of attacks are hard to spot, Microsoft said.
Microsoft’s new Surface Pro X device will be part of the program, and it is working with partners such as Dell, Dynabook, Lenovo and Panasonic on other Secured-core PCs. The program includes some previously announced devices, such as the HP Elite Dragonfly.
The devices are aimed at people who handle sensitive customer and personal data in areas like healthcare, government and finance that are frequent targets of “nation-state attackers,” Microsoft said.
The new PCs “combine identity, operating system, hardware and firmware protection to add another layer of security underneath the operating system,” David Weston, partner director of OS security at Microsoft, wrote in a blog post. Protections are embedded deeply in the machine to prevent attacks rather than detecting them after the fact.
“These requirements enable customers to boot securely, protect the device from firmware vulnerabilities, shield the operating system from attacks, prevent unauthorized access to devices and data, and ensure that identity and domain credentials are protected,” Weston wrote.
Microsoft says firmware attacks rose 5X between 2016 and 2018. When malware attaches to a device’s firmware, Microsoft says, it can resist traditional security techniques like an operating system re-install or a hard drive replacement.
“Compromises targeting firmware can undermine mechanisms like secure boot and other security functionality … making it more difficult to identify when a system or user has been compromised,” Weston wrote.
Microsoft cited data showing the mounting cost of cyberattacks, and how much companies are investing in security. The average total cost of a data breach in 2018 was $3.86 million, up 6.4 percent over the prior year. More than $124 billion will be spent on information security around the world this year. And by 2027, worldwide spending on security awareness training for employees will exceed $10 billion, according to research by Cybersecurity Ventures.
As the leader in the traditional PC market, Microsoft has positioned itself as an important player in the battle against hackers. Microsoft has recently introduced additional layers of security to help people protect their own documents. It has also created tools to bolster security for political organizations and voting systems.
