Meltdown, Spectre, and Your Business

Cybersecurity has been close to the front of everyone’s minds for years. The more businesses digitise, the more sensitive information they place at risk of being leaked. This may result in substantial damage, both financial and reputational.

The January announcement of Meltdown and Spectre, two bugs affecting the vast majority of modern processors used in just about every static or mobile device, has caused global consternation, especially since fixes are only available for some devices and some patches have made devices inoperable.

The key question here is just how much of a risk are Meltdown and Spectre and without patches closing them off entirely, how can you protect your business?

What are Meltdown and Spectre?

Both Meltdown and Spectre are bugs in the logic used by modern processors to speed up code execution. A modern CPU uses its extra capacity to execute instructions speculatively in order to avoid delays. Meltdown and Spectre are each different ways of exploiting this speculative execution to run unintended code, or to leak information.

Meltdown uses out-of-order execution, one of the features which give modern processors such fantastic performance. It reads otherwise inaccessible areas of memory, potentially giving it access to system usernames and stored passwords.

Spectre uses a different aspect of speculative execution, where the processor essentially guesses the memory value it will need to access before it has been ‘asked.’ It reads areas of memory assigned to other programs, allowing code using this exploit to pull data from other running programs.

Is Your Business at Risk?

Until patches have been created by manufacturers and deployed, every machine is potentially vulnerable to both Meltdown and Spectre. Without a doubt, some, if not all, of the devices used by your business are at risk.

How to Defend Against Meltdown and Spectre

While Spectre and Meltdown both represent worrying vulnerabilities, they cannot be exploited remotely. An attacker needs code to be executed on a device which can exploit the weaknesses.

This means that standard security best practices will defend against these exploits. While operating system-level fixes are still in the works, many software developers have already developed fixes for their products, so ensuring all software your business routinely uses is kept up-to-date is critical.

As we have mentioned, both of these exploits need some malicious code to be run in order for them to ‘attack’ a machine. More extreme steps to safeguard your data can include creating an application ‘whitelist’ for managed devices, where any piece of software not expressly permitted is blocked from execution. At the very least, it is best to ensure that everyone with access to your company data is extra-vigilant with email attachments and files from questionable sources.

More than anything else, Spectre and Meltdown should illustrate the reality of cyber security. New threats are constantly emerging, threatening platforms which were believed to be safe. Security experts need to be constantly vigilant, scanning for potential vulnerabilities, and deploying fixes as they are found. The reality is that no system is ever completely safe.

Sources:
Spectre Attacks: Exploiting Speculative Execution:https://spectreattack.com/spectre.pdf
Meltdown:https://meltdownattack.com/meltdown.pdf

 

Latest Jobs

Don't just take our word for it

  • Tom Salvat, CEO, CONCURED
    "As a fast-growing start up, we need great people with a tough set of skills to find. They need to be hungry, experienced and fit the culture of a business that is always adapting and growing. Finding these people using Linkedin and other job boards is tough, time-consuming and rarely bears fruit. Ross has always been able to uncover gems for us, and we are benefiting greatly from his skills at CONCURED. Ross has a rare ability to really understand the business, the culture and the people that will nail the role. I couldn't recommend him highly enough, and he is the only recruiter we deal with"      
    - Tom Salvat, CEO, CONCURED
    Tom Salvat, CEO, CONCURED
  • Tariq Mahmood, Enterprise Sales, Concured AI Content Marketing
    I am writing to express my gratitude to Ross Clifford & Associates who helped me successfully secure the role of Enterprise Sales Executive at Concured. Ross was extremely professional and understood the specifics of the job I required. I especially appreciated his fast response, transparent communication, and coordination in a timely and efficient manner.
    - Tariq Mahmood, Enterprise Sales, Concured AI Content Marketing
    Tariq Mahmood, Enterprise Sales, Concured AI Content Marketing
  • Jessica Cole, Editor – Redwood London.
    Ross is one of the friendliest recruiters I've dealt with. He was always attentive, quick to respond and ready to help with any questions I had. He's very professional, and not at all superficial like so many other recruiters out there. I would highly recommend him.
    - Jessica Cole, Editor – Redwood London.
    Jessica Cole, Editor – Redwood London.
  • Gareth Lofthouse, Founding Partner, Longitude.
    “We look for commercial people with a rare blend of talents. They need to be able to advise our blue-chip clients on thought leadership strategy. They need to be highly strategic and purposeful in uncovering opportunity. And they need the hunger it takes to thrive in a rapidly evolving business. RC&A were quick to understand our needs, they only delivered high-quality people for interview, and succeeded in getting us a winning candidate incredibly fast.”  
    - Gareth Lofthouse, Founding Partner, Longitude.
    Gareth Lofthouse, Founding Partner, Longitude.
  • Johnny Meredith, Senior New Business Manager, The Bio Agency.
    I can't rate or recommend Ross highly enough. He brings a thoughtful, personal approach to the process, carefully matching opportunities with candidates, through a good understanding of their priorities and skills. Throughout, he keeps candidates up to date in an open, honest way. A genuine pleasure to work with.
    - Johnny Meredith, Senior New Business Manager, The Bio Agency.
    Johnny Meredith, Senior New Business Manager, The Bio Agency.
  • Karen Troman, Office Manager & HR Co-ordinator, VoucherCodes.co.uk part of RetailMeNot
    Ross is the best recruitment agent I have worked with, he stayed in contact, kept me informed and was with me every step of the process. He also checked in with me during my first couple of weeks in my new role to make sure I was settling in. I wouldn't hesitate to recommend him.
    - Karen Troman, Office Manager & HR Co-ordinator, VoucherCodes.co.uk part of RetailMeNot
    Karen Troman, Office Manager & HR Co-ordinator, VoucherCodes.co.uk part of RetailMeNot
  • Neil Kettleborough, CRO & Co Founder, Chalk Social
    I have worked with Ross over 4 years now and he has always delivered a really high standard of candidate both at senior and junior level. His online knowledge is second to none and all the candidates he has put forward over the years have only good things to say about Ross and his work ethic.
    - Neil Kettleborough, CRO & Co Founder, Chalk Social
    Neil Kettleborough, CRO & Co Founder, Chalk Social
  • Helen Rosemier, Commercial Director, Professional & Financial Services Practice, Longitude
    Ross is a fantastic recruitment consultant -  extremely professional, meticulous, patient and supportive. Throughout the process, I felt he represented me really well and genuinely cared about my career and finding the right role. Thanks to Ross I am now in a role I love, working with a brilliant team. Very highly recommended!
    - Helen Rosemier, Commercial Director, Professional & Financial Services Practice, Longitude
    Helen Rosemier, Commercial Director, Professional & Financial Services Practice, Longitude

© Ross Clifford Associates. Website by Outlines Design.