Meltdown and Spectre dominate the security news. If you are a technology professional or a technology solutions provider, you’ve heard about these nasty vulnerabilities in the news lately. We are on the cusp of a third industrial revolution and the security events we see now are merely a new-found reality of being ‘connected’. Security will be paramount this year and moving forward as technology intrinsically develops more into our daily lives.
In the wake of WannaCry and Petya last year, we learned just how important it is to be up to date with all connected devices. Ransomware attacks targeting corporations on a global scale should be enough to shake us to our core and act. Now more than ever, security, privacy and compliance will be top of mind for all technology professionals.
Gartner predicted late 2016 in their report, How to Respond to the 2017 Threat Landscape, that "Through 2020, 99% of vulnerabilities exploited will continue to be ones known by security and IT professionals for at least one year."
Turns out, Gartner was accurate in their prediction as the three variants of side-channel attacks, Meltdown and two different for Spectre, were discovered back in June of last year by researchers using speculative execution, which is where processors execute on code and then fetch and store the speculative results in cache. It’s a technique used to optimize and improve the performance of a device. What is important to note with Spectre is that it puts users at risk for information disclosure by exposing the weakness in the architecture of most processors in the market, and the breadth is vast: Intel, AMD, ARM, IBM (Power, Mainframe Z series) and Fujitsu/Oracle SPARC implementations across PCs, physical and virtual servers, smartphones, tablets, networking equipment and possibly IoT devices.
Of the two, Meltdown is the easier one to mitigate with operating system, browser and firmware updates. Spectre is a bit more complex to resolve because it is a new class of attack. The two variants of Spectre both can potentially do harm like stealing logins and other user data residing on the affected device. Things are still evolving around Spectre and while operating system updates and browser updates are helping, it is being reported by some sources that a true fix may be a replacement to the hardware itself. Fortunately, there are no reported exploits for these vulnerabilities in the wild, so there is time to ensure mitigation plans are in place.
At ConnectWise, our security guru Greg Surla explains, “If you have a solid Incident Response Program partnered with the tools that allow that program to be effective, such as ConnectWise Automate, it’s just a matter of going through your response processes to get to the finish line. The simple fact is that security events and incidents are not going away, so it’s important that an organization like ConnectWise put a plan together that allows us to react quickly and effectively against zero day and other types of large-scale or high-profile attacks.”
The key to a plan is having one. If you don’t have one yet, here are 5 steps and what ours looks like at a high level at ConnectWise:
- Awareness – Monitoring for events and keeping up to speed on the latest security news.
- Inventory & Risk Assessment – Know your environment and understand the overall risk.
- Prioritize & Plan – Discern levels of infrastructure and organize your remediation efforts.
- Implement Operational Action – Coordination and application of controls within the organization, including education and training of staff.
- Future Planning – Establish standard practices through continuous inventory and risk assessment to the ecosystem and make it a priority.
Want to learn more about how ConnectWise can you help your organization? Visit here.
Brett Cheloff is general manager for ConnectWise Automate. Read more ConnectWise blogs here.