Real-World Advice to the Board About Meltdown and Spectre
Another week and another story about malware, this time the attacks are called Meltdown and Spectre. These weaknesses are particularly technical and widespread and, this time, it’s been picked up and (hyped up!) by the media.
But our advice is pretty much the same as always. Your IT guys simply need to get the basics right every time, efficiently, quickly and reliably, then you will be as safe as you can be. This attack has hit the headlines but there are new issues every week and this just should be bread and butter to your IT team.
The background is that Intel have revealed a significant flaw in their chips that has the potential to make almost every single computer used across the globe vulnerable to hackers giving them the ability to read the memory of the computer potentially gaining access to account details and passwords. What’s different on this occasion is that the problem is with the hardware, specifically the processor, and not something that can be easily fixed in hardware unless we’re going to replace all our devices, including smartphones and tablets, and computers and clearly that’s never going to happen. Instead, it’s the Operating System that needs to be updated to protect the hardware from the hackers and so, even though the flaw is on the chip itself, it’s the likes of Microsoft and Apple that are having to rush out a software patch.
It’s actually surprising that hardware flaws like this haven’t been seen before, today’s processors are incredibly complex so it’s quite likely that we’ll see more of this kind of flaw being found, particularly now researchers know they are possible.
Patches are being released for Microsoft, Linux servers and Apple and these should all be rolled out as part of the regular updates on your company PCs, servers, phones and tablets as soon as possible. However, your technology team or supplier should be careful; Microsoft have already identified that in some circumstances certain Anti-Virus systems can interfere with the patch and cause other problems. So, make sure that your technology team or supplier test the patches on a few machines first to satisfy themselves that all will be well before rolling it out to all machines in your company.
So check someone on the Board is chasing your IT guys about the schedule for applying these patches, updating anti-virus for all your servers and all your other devices. If you use cloud systems (or other hosted systems) then your IT people need to be checking that the provider is taking the necessary action.
Fortunately, because these flaws are complicated, at the moment the risk of hackers exploiting them is low. But new threats emerge every day, and your IT team must be actively involved, and managing the rollout of patches and updates all the time and checking your critical suppliers are doing the same.