Meltdown, Spectre, and Your Business

Cybersecurity has been close to the front of everyone’s minds for years. The more businesses digitise, the more sensitive information they place at risk of being leaked. This may result in substantial damage, both financial and reputational.

The January announcement of Meltdown and Spectre, two bugs affecting the vast majority of modern processors used in just about every static or mobile device, has caused global consternation, especially since fixes are only available for some devices and some patches have made devices inoperable.

The key question here is just how much of a risk are Meltdown and Spectre and without patches closing them off entirely, how can you protect your business?

What are Meltdown and Spectre?

Both Meltdown and Spectre are bugs in the logic used by modern processors to speed up code execution. A modern CPU uses its extra capacity to execute instructions speculatively in order to avoid delays. Meltdown and Spectre are each different ways of exploiting this speculative execution to run unintended code, or to leak information.

Meltdown uses out-of-order execution, one of the features which give modern processors such fantastic performance. It reads otherwise inaccessible areas of memory, potentially giving it access to system usernames and stored passwords.

Spectre uses a different aspect of speculative execution, where the processor essentially guesses the memory value it will need to access before it has been ‘asked.’ It reads areas of memory assigned to other programs, allowing code using this exploit to pull data from other running programs.

Is Your Business at Risk?

Until patches have been created by manufacturers and deployed, every machine is potentially vulnerable to both Meltdown and Spectre. Without a doubt, some, if not all, of the devices used by your business are at risk.

How to Defend Against Meltdown and Spectre

While Spectre and Meltdown both represent worrying vulnerabilities, they cannot be exploited remotely. An attacker needs code to be executed on a device which can exploit the weaknesses.

This means that standard security best practices will defend against these exploits. While operating system-level fixes are still in the works, many software developers have already developed fixes for their products, so ensuring all software your business routinely uses is kept up-to-date is critical.

As we have mentioned, both of these exploits need some malicious code to be run in order for them to ‘attack’ a machine. More extreme steps to safeguard your data can include creating an application ‘whitelist’ for managed devices, where any piece of software not expressly permitted is blocked from execution. At the very least, it is best to ensure that everyone with access to your company data is extra-vigilant with email attachments and files from questionable sources.

More than anything else, Spectre and Meltdown should illustrate the reality of cyber security. New threats are constantly emerging, threatening platforms which were believed to be safe. Security experts need to be constantly vigilant, scanning for potential vulnerabilities, and deploying fixes as they are found. The reality is that no system is ever completely safe.

Sources:
Spectre Attacks: Exploiting Speculative Execution:https://spectreattack.com/spectre.pdf
Meltdown:https://meltdownattack.com/meltdown.pdf

 

  • I am writing to express my gratitude to Ross Clifford & Associates who helped me successfully secure the role of Enterprise Sales Executive at Concured. Ross was extremely professional and understood the specifics of the job I required. I especially appreciated his fast response, transparent communication, and coordination in a timely and efficient manner.
    - Tariq Mahmood, Enterprise Sales, Concured AI Content Marketing
  • Ross is one of the friendliest recruiters I've dealt with. He was always attentive, quick to respond and ready to help with any questions I had. He's very professional, and not at all superficial like so many other recruiters out there. I would highly recommend him.
    - Jessica Cole, Editor – Redwood London.
  • “We look for commercial people with a rare blend of talents. They need to be able to advise our blue-chip clients on thought leadership strategy. They need to be highly strategic and purposeful in uncovering opportunity. And they need the hunger it takes to thrive in a rapidly evolving business. Ross was quick to understand our need, he only delivered high-quality people for interview, and he succeeded in getting us a winning candidate incredibly fast.”  
    - Gareth Lofthouse, Founding Partner, Longitude.
  • I can't rate or recommend Ross highly enough. He brings a thoughtful, personal approach to the process, carefully matching opportunities with candidates, through a good understanding of their priorities and skills. Throughout, he keeps candidates up to date in an open, honest way. A genuine pleasure to work with.
    - Johnny Meredith, Senior New Business Manager, The Bio Agency.
  • Ross is the best recruitment agent I have worked with, he stayed in contact, kept me informed and was with me every step of the process. He also checked in with me during my first couple of weeks in my new role to make sure I was settling in. I wouldn't hesitate to recommend him.
    - Karen Troman, Office Manager & HR Co-ordinator, VoucherCodes.co.uk part of RetailMeNot
  • I have worked with Ross over 4 years now and he has always delivered a really high standard of candidate both at senior and junior level. His online knowledge is second to none and all the candidates he has put forward over the years have only good things to say about Ross and his work ethic.
    - Neil Kettleborough, CRO & Co Founder, Chalk Social
  • Ross is a fantastic recruitment consultant -  extremely professional, meticulous, patient and supportive. Throughout the process, I felt he represented me really well and genuinely cared about my career and finding the right role. Thanks to Ross I am now in a role I love, working with a brilliant team. Very highly recommended!
    - Helen Rosemier, Commercial Director, Professional & Financial Services Practice, Longitude
  • I have no hesitation in recommending Ross. He is, by quite some distance, the best recruiter I have worked with. Perhaps unusually, Ross listens carefully in order to understand the needs of his clients and candidates, thereby ensuring that good matches are made; we are not talking 'spray and pray'. Likeable and on the ball, I hope to work with him again.
    - Pete Braham, Business Development, Longitude.

© Ross Clifford Associates. Website by Outlines Design.