If vulnerable, unpatched, and out-of-date software is a major factor in the success of cyberattacks, can this problem be solved by switching to a hardware-based security solution? Experts in the field of security think the answer is more nuanced than that.
Kingston’s release of the IronKey Keypad 200 USB drive, which it says is the first drive in the industry to guarantee military-grade protection for our data, sparked the conversation.
The drive’s several read-only modes help to keep sensitive information safe from malicious users and hackers. In the fight against malware that spreads via USB sticks, such as the one identified earlier this year, this could be useful.
Sami Elhini, senior product manager at Cerberus Sentinel, told Lifewire via email, “The Kingston IronKey Keypad 200 is an exciting advancement in secure portable storage.” This device is appropriate for securing confidential information because of its robust encryption algorithm, PIN lockout feature, self-destruct capabilities, and epoxy tamper protection.
Hardware-based security is a kind of defense against intrusions that relies on hardware devices rather than computer software. Smart cards are a common example, and they may be used in tandem with passwords to add an extra layer of security to any type of user account, whether it’s online or offline.
“As we continue to observe an increase in the number of software vulnerabilities, providing additional security controls through hardware could undoubtedly be an added benefit for normal users on the consumer side,” Tonia Dudley, VP and CISO at Cofense, told Crossover99 in an email.
Dudley says it’s well worth it to beef up hardware security by adding extra levels of protection and security controls. She mentions Yubico’s YubiKey as an example, a device widely adopted for bolstering multi-factor authentication (MFA).
KnowBe4’s data-driven defense advocate Roger Grimes, on the other hand, isn’t easily convinced of the merits of hardware security devices.
Grimes, writing to Lifewire, praised the IronKey Keypad 200 USB drive as a reliable portable storage option that would appeal to those seeking the “best and strongest.” The strength of the encryption technique isn’t even taken into account, he said, in the vast majority of hacking attempts.
How often do you hear people saying things like, “If only I had military-grade encryption, that attack wouldn’t have happened” in response to a real-world exploit? It was a rhetorical question from Grimes. “No. Not a soul has. It’s not what’s under fire these days.”
Barking Up the Wrong Tree
According to Grimes, hardware-based security won’t be able to stop the vast majority of current threats.
Based on his experience, Grimes has concluded that “social engineering,” “unpatched software,” and “password reuse” are the three most common causes of security breaches. “Hardware by itself does not address these issues.”
He went so far as to say that, from the perspective of unpatched software, hardware is just software that is far more difficult to patch.
Grimes noted that fraudsters are actively targeting a wide variety of hardware devices and firmware, citing CISA’s Known Exploited Vulnerabilities Catalog as evidence.
Grimes elaborated by saying that historically speaking, attackers focused mostly on Microsoft Windows, Google, and Apple products. Hackers still go after widely used programs, but routers, NAS drives, VPNs, DVRs, and other network hardware have become the key targets.
This is because, as he argues, attackers are aware that most people don’t treat patching hardware with the same urgency as they do software.
Compared with updating Windows or another OS component, “I guarantee you that if this [IronKey Keypad 200 USB drive] comes up with a bug, it will take [people] significantly longer to patch and correct,” added Grimes.
So, while hardware-based security solutions might sometimes make up for software-based security solutions’ flaws, they shouldn’t be seen as a silver bullet.