3500 Lacey Road, Suite 100
Downers Grove, IL 60515
Taking care of the basics of computing is the most immediate step users should take to counter recently identified security flaws on processing chips. That’s the view of members of the CompTIA IT Security Community, a group of industry experts and leaders who monitor the fast-changing cybersecurity landscape.
Earlier this month, security researchers disclosed that they had discovered vulnerabilities in processor chips used in virtually all computers and smart phones, as well as some cloud services.
“These flaws, labeled Meltdown and Spectre, could allow an attacker to access data stored in a device’s memory that should typically remain private, including passwords, photos, emails, instant messages and documents,” said Raffi Jamgotchian, president and chief technology officer of Triada Networks. “Many types of devices — with many different vendors’ processors and operating systems — are potentially susceptible to these exploits.”
Since the disclosure, more than 30 technology companies have issued security advisories, bulletins and updates in response.
“Most major vendors have fixes out, and others will release theirs soon,” Jamgotchian said. “Make sure you have the latest antivirus updates, make sure you have updated your operating systems.”
“I know it’s way more fun to shop for gadgets with magical, blinking lights than it is to do janitorial tasks like risk assessment, timely updates and regular, tested backups,” said Lysa Myers, security researcher at ESET. “But diligently performing routine maintenance tasks is a whole lot more effective, and usually a heck of a lot cheaper in both the short- and long-term.”
The long-term impact on Meltdown and Spectre is still to be determined, especially when one considers the billions of devices that could potentially be affected.
But for right now, individuals and organizations should take the same steps with Meltdown and Spectre as they’ve hopefully done with previously reported security flaws.
There are circumstances where a timely update may not be feasible for a variety of possible reasons. This will be particularly problematic for industrial control systems, medical devices and Internet of Things devices. If you do have a device that cannot be promptly updated, you should bolster security by other means. Here are a few steps you can take on vulnerable machines.
“Patches [for Meltdown and Spectre] are now available, apply them and move on,” said Ian Trump, global cyber security strategist and consultant. “Or don’t apply them and be among the victims.”