Corporate Compliance Insights

Lessons Learned from Meltdown and Spectre

by Michael Lines
February 13, 2018
in Data Privacy, Featured

4 Best Practices to Protect Your Business

It’s been weeks since the Meltdown and Spectre vulnerabilities took the security world by storm, yet we’re still living in a state of chaos and confusion. The best “fix” for these bugs is still forthcoming, and patches should be implemented once they’re available. Michael Lines offers guidance to help you master the art of patching.

By now, you probably know that Meltdown and Spectre exploit critical vulnerabilities in modern processors, allowing malicious programs to steal data that is being processed on a computer. The unforeseen consequences of these hardware design flaws leave us facing a problem unlike anything we’ve ever seen, both in scope and scale (billions of desktops, laptops, smartphones and cloud computing platforms are affected). As a result, hardware and software vendors and researchers are still trying to determine the best “fix” for these bugs, and companies are still struggling to understand the scope of the issue, their vulnerability level and what they can do about it.

Early announcements to replace the impacted CPU chips have rightfully been supplemented with more practical advice to apply appropriate patches as they are released. This, in and of itself, is a complicated process, as patches will need to be applied across a vast array of operating systems, and many of these patches are still to be developed and released.

But there’s no need to panic. Here are several best practices to help you master the patching process.

#1: Know Your Assets

You can’t patch systems, services and other assets effectively if you don’t understand your environment. Taking inventory of assets is a critical first step to patching the holes. And, given the increasingly sophisticated malware that exists today, you will need an even more granular understanding of the hardware (down to operating systems and processors) in your environment, so you can apply the right patches to the right systems.
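A practical way to get that processor-level view on Linux hosts is to read the status files the kernel exposes for exactly these bugs. The following is an added example, not code from the original article or from Optiv: it parses the one-line files the Linux kernel (4.15 and later) publishes under /sys/devices/system/cpu/vulnerabilities/ (values such as "Not affected", "Vulnerable" or "Mitigation: PTI") together with the "model name" line from /proc/cpuinfo, and reduces them to an inventory record you can aggregate across a fleet. The sample file contents embedded below are constructed for demonstration; on a real host the script reads the live files instead.

```python
"""Inventory Meltdown/Spectre mitigation status per host from Linux sysfs.

Added example (not from the original article). The kernel writes one line per
vulnerability under /sys/devices/system/cpu/vulnerabilities/, e.g.
"Not affected", "Vulnerable", or "Mitigation: PTI". This module classifies
those lines so an asset inventory can report which hosts still need a patch.
The SAMPLE_* values below are constructed, not captured from a real machine.
"""
import os
import re
from dataclasses import dataclass
from typing import Dict, List

SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"
CPUINFO = "/proc/cpuinfo"


@dataclass(frozen=True)
class VulnStatus:
    name: str    # sysfs file name, e.g. "meltdown", "spectre_v2"
    state: str   # "not_affected" | "mitigated" | "vulnerable" | "unknown"
    detail: str  # raw kernel text, kept for the report


def classify(name: str, raw: str) -> VulnStatus:
    """Map one sysfs line to a coarse state an inventory can aggregate on."""
    text = raw.strip()
    lower = text.lower()
    if lower.startswith("not affected"):
        state = "not_affected"
    elif lower.startswith("mitigation:"):
        state = "mitigated"
    elif lower.startswith("vulnerable"):
        state = "vulnerable"
    else:
        state = "unknown"  # unexpected wording: flag for a human to look at
    return VulnStatus(name=name, state=state, detail=text)


def inventory_from_mapping(files: Dict[str, str]) -> Dict[str, VulnStatus]:
    """Build the inventory from {file_name: file_contents}."""
    return {name: classify(name, raw) for name, raw in sorted(files.items())}


def unpatched(inv: Dict[str, VulnStatus]) -> List[str]:
    """Names of issues the kernel reports as still exploitable on this host."""
    return sorted(n for n, s in inv.items() if s.state == "vulnerable")


def parse_cpu_model(cpuinfo_text: str) -> str:
    """Return the first 'model name' value from /proc/cpuinfo text."""
    match = re.search(r"^model name\s*:\s*(.+)$", cpuinfo_text, re.MULTILINE)
    return match.group(1).strip() if match else "unknown"


def read_sysfs(directory: str = SYSFS_DIR) -> Dict[str, str]:
    """Read every status file; returns {} when the directory is absent."""
    result: Dict[str, str] = {}
    if not os.path.isdir(directory):
        return result
    for entry in sorted(os.listdir(directory)):
        try:
            with open(os.path.join(directory, entry), encoding="utf-8") as fh:
                result[entry] = fh.read()
        except OSError:
            continue  # unreadable entry: skip rather than abort the inventory
    return result


def read_text(path: str) -> str:
    try:
        with open(path, encoding="utf-8") as fh:
            return fh.read()
    except OSError:
        return ""


# Constructed sample: a host with the Meltdown patch (KPTI) applied but no
# Spectre v2 mitigation yet, which is what the report should surface.
SAMPLE_SYSFS = {
    "meltdown": "Mitigation: PTI\n",
    "spectre_v1": "Mitigation: usercopy/swapgs barriers and __user pointer sanitization\n",
    "spectre_v2": "Vulnerable\n",
    "spec_store_bypass": "Not affected\n",
}
SAMPLE_CPUINFO = "processor\t: 0\nmodel name\t: Example CPU Model (constructed)\nstepping\t: 3\n"


def report(files: Dict[str, str], cpuinfo_text: str) -> str:
    inv = inventory_from_mapping(files)
    lines = [f"cpu: {parse_cpu_model(cpuinfo_text)}"]
    lines += [f"{s.name:20} {s.state:13} {s.detail}" for s in inv.values()]
    lines.append("still vulnerable: " + (", ".join(unpatched(inv)) or "none"))
    return "\n".join(lines)


if __name__ == "__main__":
    live = read_sysfs()
    if live:
        print(report(live, read_text(CPUINFO)))
    else:  # not on a Linux 4.15+ host: show the constructed sample instead
        print(report(SAMPLE_SYSFS, SAMPLE_CPUINFO))
```

Run it from configuration management or an agent on each host and ship the "still vulnerable" list to the asset inventory; a host whose kernel predates these files returns an empty mapping, which is itself a finding (no patched kernel present). The "unknown" state deliberately catches wording the script has not seen so that a new kernel message is reviewed rather than silently counted as safe.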

#2: Test Continuously

Organizations should regularly test patches before applying them to production systems. This is more important than ever when patching the Meltdown/Spectre vulnerabilities, as the associated patches are reportedly causing both performance slowdowns and stability issues. Companies must understand the impact of a patch before applying it; otherwise they risk harming their business operations more than the vulnerability itself would.

#3: Manage Your Risk

Meltdown and Spectre have reminded us that risk management is the foundation of a good information security program. Not only should you be aware of your assets and the risk level associated with each, but you also must consider the risks that patching itself introduces, such as the performance and stability issues mentioned above. For that reason, it’s a good idea to research alternative methods of vulnerability management, as some countermeasures may have more benign side effects than the available patches do.

#4: Leverage Threat Intelligence

Cyber criminals are increasingly collaborating to wreak havoc on businesses and consumers alike, so we, as the potential victims, must work together as well. Threat intelligence communities exist so participants can report and stay up to date on new vulnerabilities, threats and countermeasures. This threat data will help you apply patches to your environment quickly, correctly and appropriately. While some threat intelligence exchanges require a paid subscription, others are free – so, even if you’re a small business, threat data is available to help you defend against today’s advanced malware.

Incident Response is Key

While the hysteria over Meltdown and Spectre is understandable, it’s important not to panic. The ability to react in a predictable and repeatable way is what is most critical.

Most importantly, remember that building an effective security program is not a one-time effort. Cyber criminals become more sophisticated by the day, threats are continuously evolving, and your security strategy must adapt right alongside them. Meltdown and Spectre have reminded us that we must go back to the basics, and now is the time to put fundamental security processes in place to minimize risk, maintain protection and bring clarity to the current state of chaos.

Michael Lines

Michael Lines is Vice President of Strategy, Risk and Compliance Advisory Services at Optiv, where he leads a team of security experts in helping organizations develop and run the security programs that meet their business, risk and compliance needs.