Avoid Putting Your Company at Risk of a Data Breach: Keep Your Software Updated

Meltdown and Spectre are two clever cyber security vulnerabilities found in computers, cell phones and Internet of Things devices. Learn more about these vulnerabilities and how to prevent them.

Articles published October 31, 2018

In 2018, researchers at Google discovered two major security flaws that affect nearly every computer and cell phone device manufactured in the last 20 years. These vulnerabilities, known as Meltdown and Spectre, involve flaws in a number of processors from Intel, AMD, and ARM that enables them to take advantage of the speculative execution feature of modern processors.

Meltdown and Spectre are extremely clever because they access highly protected information on computers and cell phone devices as well as Internet of Things (IoT) devices like routers and smart TVs, making them potentially catastrophic for you and your organization. Fortunately, there are ways you can protect your business from being the victim of these dangerous security breaches, but it’s first important that you understand what these malicious vulnerabilities are and how they sneak into your protected and confidential information.

What is Meltdown?

Meltdown attacks by allowing a program to access your system’s main memory (RAM), and therefore private information from programs also stored on the operating system. This confidential information can include your Wi-Fi password, other login passwords, photos, emails, messages, and confidential business documents that are stored in your RAM. A user with a vulnerable processor, which runs on an unpatched or an outdated operating system, is more susceptible to a Meltdown attack. More specifically, desktops, laptops and Cloud computers that use an outdated or an unpatched system, are all at risk of a Meltdown attack. 

If you have not updated your system with the latest security patch, avoid working with sensitive information until your device has been protected against Meltdown.

What is Spectre?

Although Meltdown and Spectre are very similar in that they both break the isolation between applications, Spectre is considered more catastrophic because it is harder to detect and mitigate. Spectre can read your system’s memory from any program. In particular, Spectre can attack nearly every personal computer, server, and smartphone because of its modern fundamental design processors.

Spectre has the capability of tricking your system memory into accessing arbitrary locations on your software. It can even access your banking information by retrieving your password when you log in to your bank account. Although Meltdown and Spectre are tough security breaches to prevent, software developers have come up with security features to help fight these malicious programs from accessing your private data. Make sure your system’s security patches are up to date to help mitigate your risk of security breaches.

Ways to protect computers from a data breach.

Your organization’s confidential information is often stored on company computers, so securing these devices should be a priority. According to Tech Radar, “Windows PCs are likely to be hit hardest by Meltdown and Spectre, regardless if they run on Intel or AMD processors.” Windows responded to this statistic by releasing a security update, which aims to protect users against attacks. The update is available for Windows 10 and previous versions as well.  Windows has continued to release additional updates as needed to continue to mitigate these vulnerabilities. You can check if your Windows PC or laptop is up to date by searching “windows update” in the taskbar and select “check for updates.”

There is also a security update for Mac users. Apple has released several updates that target Meltdown and Spectre on the MacOS 10.13.2. You can access your updates on Mac by searching the App Store and looking for macOS and OS X software updates.

Ways to protect smartphones from a data breach.

In January 2018, Google released a new update that includes patches to help protect smartphones from malware such as Meltdown and Spectre. The best way to ensure your devices have the latest security features is to regularly check for new software updates and implement them as soon as possible. You can access your updates by opening the “settings” application on your Android smartphone and go to “system” to check if there are any outstanding updates that need to be made. Apple also released a security update for iPhones and iPads to patch the Meltdown and Spectre issues, which were initiated in iOS 11.2. To access your updates, go to “settings,” then click on “general” and then “software update” to see if your device has the latest update installed.

Although Meltdown and Spectre can be extremely dangerous, you can install the latest software updates and patches to ensure you and your organization are safe from these malicious programs. Next time your device is asking permission to install an update, don’t delay. Instead, install those trusted software updates as soon as possible to prevent malicious programs from sneaking into your systems.

What steps are you taking to keep your organization's data and network protected against cyber security breaches?

Sources: