The newest threats to cybersecurity: Spectre and Meltdown

The newest threats to cybersecurity: Spectre and Meltdown
If 2017 was the year of WannaCry, then 2018 has begun with Spectre and Meltdown. What are these two cybersecurity threats that have got even the largest tech companies scurrying for cover? Shashank Venkat reports

While Spectre and Meltdown may sound like James Bond movie titles, they are certainly causing a stir in the technology sector after being revealed as the two biggest threats to cybersecurity in 2018. These two flaws have once again shown that the industry is woefully underprepared to handle cybersecurity disasters.

When the news came out last week, it was indeed surprising to note that even seemingly secure devices from the Apple ecosystem – such as Mac and iOS-based systems – were compromised because of Spectre and Meltdown. In a blog published on its website, Apple confirmed that it has released updates for iOS, macOS High Sierra, and Safari on Sierra and El Capitan. Furthermore, chip maker Intel, which is grappling with speed and security problems of its own after Spectre and Meltdown, confirmed during a CES keynote that it will send security updates for 90% of its products within a week. Thankfully, both companies have confirmed that none of their customers have actually been impacted by these exploits. Nevertheless, other industry leaders such as Amazon, Google and Mozilla are also rushing with new updates to fix the vulnerabilities.

While WannaCry held users to ransom quite literally, Meltdown and Spectre have even more far-reaching implications. Without getting into too much of the technicalities, it is important to understand that these two security flaws can essentially impact the nerve centres of your devices – the microprocessors (chips). With Meltdown and Spectre, an authorised attacker can access secure and privileged data of users. Moreover, researchers have found three attack variants for Meltdown and Spectre, further compounding the problems. If you are interested in knowing more about these vulnerabilities, Red Hat has published a detailed blog about it.

During the CES keynote, Intel CEO Brian Krzanich stressed the need for a collaborative response to these threats, and many of the leading tech players have come together to address what is an industry-wide problem which affects all businesses and their customers.

During last year’s WannaCry ransomware attack, we warned that companies remain vulnerable to new kinds of malware. Spectre and Meltdown have again given companies a timely wake-up call before too much damage could be done. Organisations have to act now and make cybersecurity a top organisational priority and not relegate it to the realm of their IT teams alone. Companies should have dedicated cybersecurity experts who beef up existing systems and processes, and also educate their staff to adopt the best practices for cybersecurity. Companies should have a tight grip on data and implement advanced analytics systems to flag a potentially sensitive issue in quick time. Maybe it’s also time to consider newer technologies such as Blockchain to counter the new wave of cybersecurity threats.

For the customers of these companies (most of us), it is important to update existing software to avoid these vulnerabilities from affecting your systems. Most tech companies will be sending out updates and patches to mitigate these risks. It is also important to follow standard security practices and install software to protect against malware. We will update you as soon as we learn more.