Meltdown, Spectre and You

If you have not heard about the Meltdown and Spectre vulnerabilities announced late last week, you must have been off the grid.  Welcome Back!

The media was having a field day with this story, considered one of the most significant security vulnerabilities in history.  If you are like me, you probably immediately start asking, “What does this really mean to me?”  In our case, we are asking, “What does this means for our clients?”

It is true that Meltdown/Spectre is a massive vulnerability. Several things make this such a big story.  Here are a few of them.

  1. Meltdown and Spectre are hardware vulnerabilities while most vulnerabilities are software related.
  2. This vulnerability exists in almost every computing device since 2010.
  3. Because it is a hardware vulnerability, it is not just limited to computers running Windows.
  4. The amount of work to fix the hardware issue is enormous.
  5. Finally, the fix can reduce the processing speed of the computer by up to 30%.

How can this be used against me?  The nitty gritty of it is that this hardware vulnerability allows unauthorized applications to read data out of your computer's memory. Everything you run, type, or click on your computer goes through the memory.  This includes passwords, bank account numbers, emails, and other confidential information.  With this vulnerability, there is the potential for a malicious program to read that data.

While all of this truthfully sounds very scary, the reality is that if you are utilizing the appropriate layers of security within your business the chances that this will affect you is highly unlikely.

First, in order to exploit this vulnerability, a malicious user needs to run software on your computer.  Hopefully, you are only running software that you authorized and know is legitimate.
Do not take this statement lightly.  Hackers get people to run software every day on their computers.  I am sure we all know someone that has been affected by ransomware or another malware on a computer system.  Perhaps you have been affected by it yourself.

How did that situation happen?  More than likely it came from a phishing email or a phony website.  Hackers are getting better and better at social engineering (the art of tricking people into doing what you want them to), so you need to have training, awareness, and testing in place to get your employees knowing what to look for to avoid these costly mistakes.  This is one layer of security.

Another layer to protect against phishing emails is spam filtering.  While it is not 100%, it does reduce the chance that phishing emails make it to your inbox.  When you couple this with the knowledge that comes from good training, you have drastically reduced your chances of becoming a victim.

So now you know a little about this vulnerability and how to protect yourself.  But you shouldn’t be left on your own.  What are Microsoft and other Information Technology vendors doing about this?  The answer is quite a bit.  Once these vulnerabilities are discovered, patch updates get created to fix the vulnerability.  Microsoft has or will issue a patch that mitigates the risk. The vulnerability still exists at the hardware layer, but Microsoft can fix the way software is allowed to interact with the hardware.  When Microsoft puts patches out for major security vulnerabilities similar to this one, you need to have a way to easily deploy those patches and verify that they installed properly.  This is another layer of security that will help protect your business.

Is there anything more you can do?  Additional security layers such as anti-virus, anti-malware, and firewalls can come into play to protect you as well.  When a major vulnerability like this is discovered, these manufacturers jump into action looking for software that exhibits the behavior described in the report.  When their products see this behavior, they can shut down and quarantine the software.  Advanced Endpoint Software is an option that can really give you some robust protection.  Most anti-virus programs run off “definitions” which are just lists of viruses that are already known.  With the ever-evolving virus landscape - hundreds of thousands of new variants every day - you need more than just definitions. You need protection that acts as a profiler - analyzing the behavior of everything running on your computer.  Advanced endpoint protection will give you this.  With this layer in place, if you happen to fall for a phishing email, the advanced endpoint protection will recognize it and kill it.

These are just a few of the basics when it comes to protecting yourself against vulnerabilities like Meltdown or Sceptre from being exploited on your computer.  When it comes to other viruses like ransomware, you may want another highly critical layer in place - good backups. Good backups are your failsafe. If malware makes it past your other security protections to encrypt, destroy, or steal your critical business data, a good backup system in place can quickly undo all that damage.

If you are unsure if you are doing everything you can to protect your network, your partners at Right Hand Technology Group are here to help.  Give us a call at 412-254-4448 to discuss!