Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. This week, we cover the Spectre and Meltdown firmware flaws.
Meet the new kids on the IT security block: Spectre and Meltdown. By “new,” we really mean these flaws are new to us; in reality, they’ve been around for the past two decades. These flaws make it possible for an attacker to steal sensitive information—such as passwords and certificates—resting inside a processor’s cache.
Industry giants including Apple, Intel, Microsoft, and Google have all fallen prey to these flaws and have announced updates to mitigate them. While the temporary solution is to apply these patches in a timely manner, the long-term fix is for the companies who make processors to focus on developing chips that are immune to these exploits.
The Spectre and Meltdown saga has surely changed the way we perceive IT security, which is often restricted to software. With digital transformation causing businesses to become more focused on ubiquitous computing, connectivity, and personalization, the demand for sensitive information—such as biometric data, IP addresses, and even political, religious, and philosophical preferences—is reaching new heights.
If there’s one thing Meltdown and Spectre have taught us, it’s that the ramifications of ignoring the growing need for a 360-degree IT security infrastructure can be devastating. Although software is usually in the forefront for security practices, Meltdown and Spectre have shown us that every security strategy should include hardware as well.
That said, here are five interesting reads about Spectre and Meltdown, including the latest developments surrounding these flaws:
- Meltdown and Spectre
Hosted by Graz University of Technology, this site offers scholarly if not definitive overviews on both Meltdown and Spectre, as well as an exhaustive list of FAQs and links to advisories from involved or affected companies.
- MADIoT – The nightmare after XMAS
It’s time to take a good hard look at the data stored on your IoT devices—or hackers might beat you to it.
- IT Security’s Reality Distortion Field
We need to see through the “reality distortion field” surrounding cybersecurity and place our bets on strategies that align with the problems we face today.
- Meltdown and Spectre: The looming death of security (and what to do about it)
These latest flaws show, once again, that security is a mirage. It’s time for a better approach.
- Time to get serious about hardware security
Eliminating the threat posed by Meltdown and Spectre will likely take more than just a software patch, despite the reassurances issued by major technology companies.
So, how do enterprises stay ahead of such threats in the future? It’s all about timely detection and mitigation, which boils down to adopting an intuitive endpoint management system. This will not only increase productivity by reducing the manual effort required for endpoint management, but will also lay the foundation for automatic, solid mitigation strategies for potential security events.
With an increasing number of breaches (a whopping 9 billion breaches since 2013), IT decision makers should leverage intelligent solutions that will help them stay ahead of security incidents and secure sensitive data, as well as the systems holding that data. After all, IT security is a never-ending process and no one is immune to cyber attacks.