Cyber security researchers recently announced the discovery of two major security flaws that could allow hackers to bypass regular security measures and obtain normally inaccessible data. They’re called Meltdown and Spectre, and they’re both caused by design flaws found in nearly all modern processors. Hackers can exploit these vulnerabilities to access all of the data found in personal computers, servers, cloud computing services and mobile devices.
As Meltdown and Spectre are both caused by design flaws, experts believe that they will be harder to fix than traditional security exploits. Additionally, software patches that have already been released to help address the vulnerabilities can cause computer systems to slow down significantly, which may impact their ability to perform regular tasks. Here are some key details about each flaw:
• Meltdown: This flaw can be used to break down the security barriers between a device’s applications and operating system in order to access the device’s data.
• Spectre: This flaw can be used to break down the security barriers between a device’s different applications and access sensitive data like passwords, photos and documents—even if those applications adhere to regular security checks.
When Meltdown and Spectre were originally discovered in 2017, researchers immediately reported them to major hardware and software companies so work on security fixes could begin without alerting hackers. As a result, services and applications offered by companies like Microsoft, Google, Apple and Amazon have already been updated to help defend against the flaws. However, your organisation should not rely solely on a software patch to protect against these vulnerabilities. Here are some steps you can take to protect your computer systems and devices from Meltdown and Spectre:
• Update all of your devices immediately, and check for new updates regularly.
• Contact any cloud service providers and third-party suppliers you use to ensure that they are protected against Meltdown and Spectre. Cloud services and computer servers are especially vulnerable to the exploits, as they often host multiple customers on a single device.
• Install antivirus and firewall systems to protect against regular malware. Researchers believe that hackers need to gain access to a device in order to exploit Meltdown or Spectre, so keeping your devices free of malware can help prevent data theft.
For additional guidance on how to protect your organisation with cyber insurance, contact A-Plan today.