Processors are a big deal. They run our computers and devices, and they handle our sensitive data. So news reports in January 2018 about suspected vulnerabilities affecting processors from multiple chip companies captured a lot of attention – and for good reason. The vulnerabilities, named Spectre and Meltdown, make it possible for attackers to access data and information. An untold number of processors are affected, which means that the vulnerabilities extend to an equally untold number of computers, devices, and even networks.
Hardware vendors became aware of the initial Spectre and Meltdown vulnerabilities beginning in June 2017. Unbeknownst to most of us, for the next seven months, security experts at Intel, Advanced Micro Devices (AMD), Arm Holdings (formerly Advanced RISC Machines), and others were working feverishly to patch and prevent exploits. As of February 2018, bad actors had not yet publicly released weaponized exploits specifically meant for Microsoft™ Windows™ operating systems. However, threat agents had released proof-of-concept code that demonstrates the vulnerabilities’ impact and targets Linux™ operating systems.
Since the public disclosure in January 2018, more computer manufacturers and software developers have been transparent about their plans to patch. Because the vulnerabilities take advantage of speculative execution, which allows modern-day CPUs to operate on multiple instructions at once, the biggest concern with patching is how much of a performance hit computers will take. Users have reported delayed or recalled patches, blue screens of death, random restarts, processing slowdowns, and antivirus incompatibility.
A threat is defined as a “potentially negative occurrence.” Now that the Spectre and Meltdown vulnerabilities have been disclosed, hackers are hard at work attempting to exploit the existing threats. The latest incident aside, IT managers should always be thinking about how to protect their environment. Patching is only one of many layers of defense against outsiders, and it’s not foolproof. A few additional steps that can help defend against threats and protect your environment include:
Data backup. If a patch already exists to remediate a threat, back up your data. This step is critical, especially if manufacturers and developers insist on installing patches immediately. While rolling back the patch might be an option, it’s a best practice to be able to perform a restore should something go wrong.
Patch testing. If possible, evaluate the deployment of patches in a test or nonproduction environment. If a secondary environment that mirrors production does exist, applying the patches there first is highly recommended.
Multiple patch application. Applying one patch and testing it before applying another patch on top is wise because it gives a point-in-time assessment of which patch worked, which one did not, and which patch broke something else.
Endpoint protection. While some patches are incompatible with a few antivirus solutions, it’s always prudent to make sure that virus definitions are up-to-date. Zero-day threats are tough to contend with, but being days or weeks behind only exacerbates the problem.
Layered protection. Having only one layer of protection might have been good enough when a breach happened every five years, but those days are long gone, with no sign of returning anytime soon. Multiple levels of protection can help you secure and shield your environment:
Obviously, protecting against every vulnerability in real time has proven to be next to impossible. However, we can control how we prepare for and respond to threats by staying vigilant and taking proactive steps. As threat agents sharpen the tools in their boxes, organizations should establish nimble and effective countermeasures to avoid both compromise and its ensuing consequences, including the negative press we all dread.
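The patch-testing and one-patch-at-a-time steps above can be made concrete on a Linux test host. This is an added example, not part of the original article. Linux kernels 4.15 and later report per-issue mitigation status under /sys/devices/system/cpu/vulnerabilities, so a snapshot taken before and after each patch shows which patch fixed an issue and which one broke something else. The patch labels and sample snapshots are constructed for illustration.

```python
from pathlib import Path

# Linux kernels 4.15 and later expose one status file per issue in this directory.
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
SAFE = ("mitigated", "not_affected")

def classify(status):
    """Map a kernel status line to not_affected / mitigated / vulnerable / unknown."""
    for prefix, label in (("Not affected", "not_affected"), ("Mitigation", "mitigated"),
                          ("Vulnerable", "vulnerable")):
        if status.strip().startswith(prefix):
            return label
    return "unknown"  # missing file or a status string this script does not know

def snapshot(directory=SYSFS_DIR):
    """Read the live status files; returns {} when the kernel does not expose them."""
    if not directory.is_dir():
        return {}
    return {p.name: p.read_text().strip()
            for p in sorted(directory.iterdir()) if p.is_file()}

def compare(before, after):
    """Verdict per issue for snapshots taken just before and after one patch."""
    verdicts = {}
    for name in sorted(set(before) | set(after)):
        old, new = classify(before.get(name, "")), classify(after.get(name, ""))
        if new == "vulnerable":
            verdicts[name] = "regressed" if old in SAFE else "still_vulnerable"
        elif old == "vulnerable" and new in SAFE:
            verdicts[name] = "fixed"
        else:
            verdicts[name] = "unchanged" if old == new else "changed"
    return verdicts

def assess(steps):
    """steps: ordered [(label, snapshot)], baseline first; one report per patch."""
    return {label: compare(prev, cur)
            for (_, prev), (label, cur) in zip(steps, steps[1:])}

# Constructed sample snapshots (not captured from a real host); labels are hypothetical.
STEPS = [
    ("baseline", {"meltdown": "Vulnerable", "spectre_v2": "Vulnerable"}),
    ("patch-1", {"meltdown": "Mitigation: PTI", "spectre_v2": "Vulnerable"}),
    ("patch-2", {"meltdown": "Vulnerable",
                 "spectre_v2": "Mitigation: Full generic retpoline"}),
]

if __name__ == "__main__":
    print(assess(STEPS), snapshot() or "status files not exposed on this host")
```

On a real test host, call `snapshot()` after each patch and reboot, and pass the saved results to `assess()` in order.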
Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corp. in the United States and/or other countries.
In accordance with applicable professional standards, some firm services may not be available to attest clients.
© 2018 Crowe Horwath LLP, an independent member of Crowe Horwath International.