Enterprise security lessons for Meltdown and Spectre defence

Media panic was at a fever pitch last week with news of the Meltdown and Spectre cyber security flaws. This is another high-profile cyber security event that enterprise organisations will have to manage over the next several months.

This is not, however, a repeat of the WannaCry and NotPetya incidents we saw during the summer of 2017. Those events brought organisations to an abrupt halt, stopping them operationally, with a dramatic impact on systems availability occurring within a short timeframe. The new Meltdown and Spectre flaws, on the other hand, have a number of different characteristics, which will alter the way organisations should respond.

Firstly, the present view is that these flaws allow for data theft rather than enabling a ransomware or similar attack to be launched. As such, the impact will likely occur more slowly and over a longer time period.

Secondly, these new vulnerabilities represent a far more widespread issue. Meltdown and Spectre affect nearly all the technology we use, because the flaws lie in the way the processors themselves work. This means that nearly every system using a processor — from our laptops to our servers to our phones to our process control systems — could be affected. All of these will need upgrades as the gamut of vendors release their respective solutions.

This will require a programmatic analysis of the asset register covering each and every device within the IT estate. Experience from the summer showed that many enterprises did not have a complete and current register. Many have already started new initiatives to improve their asset lifecycle management and recording. The new flaws will only drive this trend further. If you do not have such a programme in place, start one today.

Thirdly, the patch update process, which has been under the spotlight, will now be tested. The criticality of an asset should determine the priority for updates. This may not be a simple matter, as there is concern that the updates that protect systems may well cause performance issues. So, our testing routines will themselves be tested.

Fourthly, we need to be alert to any developments in the threat arena. At present, there are proofs of concept for attack code, but no real evidence that hackers have produced their own for use against enterprises. Of course, we have to assume that they will. There has been too much publicity around this opportunity for hackers to ignore it.

So, it makes sense to focus our efforts on the area where hackers are most likely to launch attacks related to Meltdown and Spectre. That area is the endpoint – the laptops or desktops used across the enterprise. This is the traditional route in. Let's beef up our defences there and ensure our monitoring is alert to any changes in behaviour.

These flaws show why we need a structured approach to security — to continually make sure our basic protection processes are in place. This is going to be a long haul, and constant vigilance will be necessary. But there is no need to panic. Just Keep Calm and Carry On … Patching.


Chris Moyer is Vice President of Security for DXC. He has spent more than 25 years building business and technology solutions for clients in several industries across multiple geographies. In previous roles, he has led solutioning, transformation projects and delivery assurance. He is also a member of the Institute of Electrical and Electronics Engineers. Connect with him on Twitter and LinkedIn.

Comments

  1. Jack O'Meara says:

    Thanks Chris. Nice article.
