Meltdown

There has been much chatter in the news and online regarding new vulnerabilities discovered in the CPU chips contained in technology such as computers, smartphones and cellphones phones and Internet Connected devices. While learning about a new vulnerability is never good news, in this case it isn't worthy of the “the sky is falling” scenario many sources are eluding to.

Lets look at what we know. The discovered flaw impacts the central processing units by the leading manufacturers Intel and AMD along with the a slew of ARM processor makers. Basically, the main processor types installed across computers, smart phones and most IoT devices (Internet of Things.

As the flaw is at the hardware level and how it deals with data in memory, it doesn’t matter what Operating System your devices has – Microsoft Windows, Mac OSX, Android, IOS – they are all vulnerable because the issue is at the processor level, the piece that does the actual computing of data.

While details continue to emerge on this subject it’s important to remember the flaw was discovered by a bunch of people with PHDs in a controlled lab environment. It’s not like the flaw had been utilized by hackers at present nor will it be easy for them to gain access to your processor to utilize the discovered exploit.

You might be thinking, “Wait Scott, aren’t you the guy always warning about the need for security and blowing the whistle on problems when they crop up?” I sure am, that is the line of work I am in – assisting fellow business owners and executives determine their technology risks and putting measures in place to avoid risks deemed unacceptable.

In this instance, the flaw is still theoretical, meaning found and created in a controlled lab environment. It will take some time, Intel is saying before the year end, for manufactures to come up with a fix and it will take hackers likely just as long or longer to develop ways to exploit the flaw in a real world environment.

Sure, in theory it is possible for hackers to take advantage of the exploit, however more in the way that you might be able to successfully play Jenga, building the tower to a couple feet tall, during a dorm room party, on a heavily slanted table, while drunk...it's possible but highly unlikely. At least at this time.

Software companies are getting set to release some patches to address the flaw. It’s not a fix per say, remember the flaw is actually at the hardware level and only the hardware manufacturers can truely fix it. These patches are simply ways for the operating system to try and keep protected data out of memory on the processor that the flaw has been able to compromise.

The trade-off of installing these patches could be a reduction of as much as 30% in performance according to some pundits.

If you have already implemented other security measures – such as next generating security products, automated software patching, managed Universal Threat Management systems and formalized Cyber Training with testing for your staff – you can have a level of comfort as we await more develops and fixes from the hardware manufacturer’s.

Not sure what those items are or don’t have a strong security footprint in place and would like to get some peace your company is in a good place to handle cyber threats – then give me a call so we can talk it through.