By now, we’re all aware of the recent set of chip security vulnerabilities, known as Meltdown and Spectre, which affect modern computer processors and give would-be attackers easy access to sensitive information on computers, tablets and smartphones made after 1955.
In simple terms, Meltdown attacks the isolation between user applications and the operating system, and allows a program to access the memory and secrets of the operating system and other programs. The general public has been advised that computers (and cloud infrastructure) running an unpatched operating system are at risk of leaking sensitive information. Spectre attacks the isolation between different applications and enables hackers to trick programs into leaking their secrets. Once hackers have access to memory systems, passwords are vulnerable, and so are a company’s crown jewels.
One security researcher, Daniel Gruss, said this is “probably one of the worst CPU bugs ever found.” And even though there’s not much evidence, yet, that hackers have taken full advantage of Meltdown and Spectre (although it’s difficult to attribute specifics to this particular exploit), companies are keenly aware of impending major risks.
Naturally, business owners wanting to protect both personal and company information are scrambling to make sure their operating systems are up to date and are watching for any updates from firms like Apple, Google, and Microsoft. Microsoft was first to offer operating system fixes. Intel followed suit and all hell broke loose.
Reboot issues were discovered after installing the patches that Intel issued. To make matters even worse, a confidential memo, reported by media outlets, is said to have warned large companies and cloud providers not to install the patches because of the glitches.
As a small business owner, you know that no matter how strong your cybersecurity posture, and no matter how advanced the IT infrastructure and operating systems you install, nothing can prevent a cyber-attack. And if you’re wise enough to embrace the when-not-if mindset, then you understand that applying updates and patches is just putting lipstick on a pig.
This doesn’t discount the importance of cyber hygiene and doing everything in your power to stay on top of would-be attacks. But it also reinforces the importance of belonging to an ISAO (Information Sharing and Analysis Organization). We hope you choose ours, of course, as we understand the unique requirements of the SMB owner, but regardless, join an ISAO. Nothing will ever 100 percent protect you from cyber incidents, but having liability protection and safeguarding your assets could mean the difference between keeping your business alive and folding.