Meltdown and Spectre: What Your Business Needs to Know

Meltdown-Spectre.png

Last year was full of highly-publicized malware attacks and security vulnerabilities, and it appears that 2018 will be no different. You may have heard about Meltdown and Spectre—two widespread security vulnerabilities—in the news recently. But how do they affect your business, and what (if anything) can you do about it? Read our quick guide below to find out.

What Are Meltdown and Spectre?

Simply put, Meltdown and Spectre are names for two separate (but similar) vulnerabilities researchers found in the way that computer processors (a.k.a ‘chips’) handle data. Hackers could theoretically use these vulnerabilities to bypass the safeguards (such as encryption) that operating systems employ to protect data.

These vulnerabilities were discovered by independent researchers and Google employees last year. Following standard protocol, they notified chip manufacturers (such as Intel and AMD) about the vulnerabilities, so that they could begin working on fixes. News leaked out to the public about them last week.

Is Your Business Affected?

While the Meltdown and Spectre vulnerabilities are widespread, not every business is at high risk.

We know that the Spectre vulnerability affects chips from numerous manufacturers (Meltdown applies to Intel chips only), meaning it is potentially present in virtually any device that has a chip—from computers and servers to mobile phones and smart home devices. But these vulnerabilities are incredibly difficult to exploit without direct access to your systems, meaning that the actual risk of attack is relatively low. Furthermore, chip manufacturers and software vendors have known about these vulnerabilities for several months and have already been developing and deploying updates to mitigate the vulnerabilities.

Still, some businesses are at greater risk than others. Companies that host their data in shared cloud environments, such as Amazon Web Hosting (AWS), are at much higher risk due to these vulnerabilities than companies who host all their data on their own equipment. That’s because, in a shared environment, multiple businesses are using the same computing resources—including chips—to access their data. A bad actor, then, could gain access to chips that are processing your data much more easily in this kind of environment.

What Can Your Business Do About Meltdown and Spectre?

We are already and will likely continue to see more security patches and updates—both from software vendors (like Microsoft) and hardware vendors (Intel, AMD, etc.)—designed to further mitigate the risks associated Meltdown and Spectre.

The best thing businesses can do, then, is to make sure a competent network administrator is managing critical updates to your systems – and watching out for potential issues that those updates cause. Unfortunately, some of these updates—such as the ones released by Intel to mitigate Meltdown—may result in slower processors in the short term. This doesn’t mean you shouldn’t apply them, but it does mean that they should be applied strategically, with the help of a competent IT professional.

If you have outsourced your IT to Affinity, know that we are constantly evaluating and strategically applying security patches to your systems—to keep you as secure as possible, with as little interruption as possible.

If you have any questions, or would like to discuss Affinity’s approach to network administration, don’t hesitate to contact us today.