“Those who patch, prevail.” – Unknown
While patching may be the most boring, thankless job in the IT department, it could be the one that prevents the most cyber attacks. Hackers use known vulnerabilities to launch attacks on businesses. Having your systems updated and patched may be the best first line of defense.
On January 3rd, 2018, Meltdown and Spectre were revealed. These security flaws exist in nearly every Intel CPU built since 1995. Both vulnerabilities involve speculative execution side channels that can be exploited to steal sensitive data from the devices in your network.
The Meltdown vulnerability, CVE-2017-5754, can potentially allow hackers to bypass the hardware barrier between applications and kernel or host memory.
The Spectre vulnerability has two variants: CVE-2017-5753 and CVE-2017-5715. These vulnerabilities break isolation between separate applications.
Both flaws provide hackers with a way of stealing data, including passwords and other sensitive information. If hackers manage to get the software running on one of these chips, they can grab data from other software running on the same machine.
While these flaws are unique since the vulnerabilities were found in the way the chips were manufactured, there is a way to help prevent any damage. You guessed it, patching! But, it’s not that simple…
Applying patches is not a simple fix for the Meltdown and Spectre vulnerabilities. Your team should take the time to test patches to minimize the impact on your hardware and applications. Be sure to use industry best practices and thoroughly test each patch before implementing it company-wide.
Bleeping Computer has a full list of patches and updates available here.
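As part of testing a patch, it helps to confirm that the mitigation is actually active afterwards. The following is an added example, not from the original article: it assumes a Linux host whose kernel reports status under `/sys/devices/system/cpu/vulnerabilities`, and maps the three CVEs named above to that directory's `meltdown`, `spectre_v1` and `spectre_v2` entries.

```python
from pathlib import Path

# sysfs entry name -> CVE named in the article
CHECKS = {
    "meltdown": "CVE-2017-5754",
    "spectre_v1": "CVE-2017-5753",
    "spectre_v2": "CVE-2017-5715",
}
SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"


def classify(text):
    """Map the kernel's one-line status string to a coarse state."""
    text = text.strip()
    if text.startswith("Not affected"):
        return "not_affected"
    if text.startswith("Mitigation"):
        return "mitigated"
    if text.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def mitigation_status(sysfs_dir=SYSFS_DIR):
    """Return {CVE: (state, raw kernel text)} for the three CVEs."""
    report = {}
    for name, cve in CHECKS.items():
        try:
            raw = (Path(sysfs_dir) / name).read_text().strip()
        except OSError:
            # Entry absent or unreadable: the kernel does not report this issue
            report[cve] = ("unknown", "no sysfs entry")
            continue
        report[cve] = (classify(raw), raw)
    return report


def needs_attention(report):
    """CVEs that are not confirmed as mitigated or not affected."""
    return sorted(c for c, (s, _) in report.items()
                  if s in ("vulnerable", "unknown"))


if __name__ == "__main__":
    rep = mitigation_status()
    for cve, (state, raw) in sorted(rep.items()):
        print(f"{cve}: {state:12} {raw}")
    raise SystemExit(1 if needs_attention(rep) else 0)
```

Run it before and after the patch on a test machine; a non-zero exit code means at least one of the three CVEs is reported as vulnerable or is not reported at all.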
Let’s make patching the best, most rewarding job in the IT department. Remember WannaCry? And how many companies would have been protected if they had used the patch made available by Microsoft? Don’t wait for the next attack!
Plan to Fail = Plan to Win
When any new cyber attack or vulnerability is announced, many companies will panic and create more disorder than is necessary. The best thing your organization can do is to plan to be attacked and monitor your network like you are currently being compromised. Have a strategy ahead of time. Discuss worst-case scenarios with management and have a communications plan in case something goes wrong.
We recently discussed how the cyber attacks of 2017 didn’t change the attitude or security budget of many organizations around their cyber risk strategy. In addition to making patching part of your core strategy, there are typically five fundamental services that should be done proactively to help protect your organization. Those services include 24×7 SIEM with security monitoring, vulnerability management, patch management, endpoint detection and response, as well as security awareness training. These services help you create a solid security practice that ensures compliance and proactively protects your organization.
To make it even easier, all five services are available in one integrated package called PREtect from Cybriant. Find out more: https://www.cybriant.com/pretect
By planning to be attacked, you will be aware of what is on your network. You’ll be able to protect your organization and reduce the dwell time of those attacks.