Cybersecurity is a field that never gets boring, and the early days of 2018 proved that with the disclosure of the Meltdown and Spectre vulnerabilities.
Living up to their fearsome names, Meltdown and Spectre are vulnerabilities found in practically all modern processors. They could potentially allow hackers to gain access to passwords, personal information and other sensitive data that courses through a PC or server. The hardware flaws essentially dismantle some of the most essential protections in operating systems and other software.
"While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs," explained the official security advisory from the security researchers who discovered the vulnerabilities. "This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents."
For cyber-attackers, those are some very tempting targets. If the flaws are exploited—likely only a matter of time if history is any guide—businesses are in for a flood of malware that targets the vulnerabilities.
Luckily, there have been no reports of attacks in the wild yet. IT vendors are also rushing to release patches.
Equally encouraging is the fact that many organizations are eagerly snapping up those patches, according to a Spiceworks study on Meltdown and Spectre. There have been some bumps along the way, including buggy fixes from Intel that can cause unpredictable system behavior.
Meltdown and Spectre Are Already Affecting Businesses
Of the 514 IT professionals from North America and Europe who were surveyed by the IT management specialist Spiceworks, 70 percent said they had already begun patching for Meltdown and Spectre. On the downside, those efforts are often met with problems of their own.
"The collective effort to address the Meltdown and Spectre vulnerabilities will cost IT departments time, manpower and money to correct. And while small businesses have fewer systems and services to patch than larger businesses, they're just as likely to experience performance degradation, system freezes, and boot issues after patching the CPU flaws," said Peter Tsai, senior technology analyst at Spiceworks.
"In many cases, smaller organizations only have one or two IT professionals on staff to help address these issues, so they may be more affected by the resource constraints," continued Tsai. "In fact, in one third of small companies, IT professionals estimate they'll spend more than 20 hours addressing the vulnerabilities."
Of the 38 percent who experienced issues after applying patches, the top issues included a performance drop (46 percent), locked-up systems (26 percent) and boot-up problems. Then there's the impact on the bottom line.
Tsai further noted that "16 percent of small businesses will spend up to $10,000 addressing the issues. For many, that’s a significant portion of their budget that could otherwise be put toward more strategic IT initiatives that help move their business forward."
Businesses, both big and small, should be prepared to deal with the aftermath of Meltdown and Spectre for a good long while, adjusting their spending strategies accordingly.
"Finally, it’s important to keep in mind that as the situation develops, the amount of money and effort required to address Meltdown and Spectre could change drastically in the coming weeks," cautioned Tsai. "For example, IT departments will feel the pain if organizations experience ongoing issues with patches, the vulnerabilities prove to be worse than initially anticipated, or malware that exploits the vulnerabilities spreads."