alt tag

Posts Tagged ‘data’


Spectre and Meltdown: Valuable Lessons for Your IT Security Team

Monday, February 12th, 2018

At the end of 2017, the world learned about Spectre and Meltdown: two far-reaching security threats that exploit how CPUs work to expose protected information on nearly every recent PC, server and smartphone. Hackers can use these exploits to do things like steal passwords and other protected private information stored in a computer’s memory through programs such as a web browser.

These vulnerabilities essentially affect every computer, including Macs, iOS devices and Chromebooks.

Hardware and software manufacturers are hard at work fixing the vulnerabilities, but it is up to the end users to make sure the fixes go through.

How the Exploits Work

Spectre seizes the ultra-fast memory on the CPU itself, known as the CPU cache. CPUs use processes called “Branch Prediction” and “Speculative Execution” to guess the most likely upcoming instructions from branches in a program to speed up performance. Spectre attacks manipulate those processes to push data from protected memory into the cache then load that pushed data from unprotected memory. The exploit identifies protected information because it loads faster from the cache.

Meltdown exploits a flaw in processor privilege escalation that allows executed code to get access to protected memory. Essentially, Meltdown breaks the isolation between the application and the operating system. Meltdown is the easier to exploit, but the easier to fix of the two.

What It Means for IT Security

IT security staff needs to make sure that all devices impacted by Spectre and Meltdown are properly updated to mitigate the threat. For the most part, this means staff needs to take some key steps: apply the operating system patches, install firmware updates, update web browsers and update other software that works with secure data, all while keeping the antivirus active.

In many cases, it means just staying out of the way, as Windows and MacOS devices will automatically install the updates. According to Microsoft, end users mostly just need to make sure Windows Update is active. However, some anti-virus programs may block patches and others aren’t compatible with the updates, so IT staff will need to find an alternative option to update those devices.

The Damage Done

Fortunately, Spectre and Meltdown haven’t led to any major security breaches, but researchers have identified more than 130 instances of malware designed around related exploits. So far, related malware seems to be proof-of-concept attempts rather than attacks.

At this point, most of the damage comes from performance degradation associated with the security updates. Both Spectre and Meltdown exploit techniques used to improve CPU performance, so closing those vulnerabilities often involves disabling those techniques. In particular, Windows-based systems running 2015-era Intel Haswell or older CPUs may experience performance drops, with older operating systems being more likely to show symptoms.

However, the performance loss isn’t consistent and can vary between 2 and 14 percent depending on the task. Some processes are affected more than others, with “privileged” processes seeing the most slowdown. Your IT staff should be concerned about this if your business is running virtual machine clusters. The performance loss may mean a hardware update is in order.

MPA Networks offers valuable services such as desktop management that can help your business avoid the pitfalls of Spectre and Meltdown by keeping your computers updated and secure. Contact us today to learn more.

Do You Have a Crisis Management Plan for a Cyberattack?

Thursday, February 8th, 2018

A crisis management plan is your business’s best defense for minimizing cyberattack damage after technology-based preventative measures have failed. Unfortunately for most businesses, cyberattacks are not a matter of if, but a matter of when. Establishing a crisis management plan can help your business minimize data compromise, limit attack scope, decrease recovery time and reduce harm to your reputation. Having a plan in advance means your operation can immediately get to work on containing the attack when it occurs rather than allow it to incur further damage while you scramble to develop a plan during the breach.

What Threats Do Cybersecurity Attacks Pose?

Cybersecurity attacks aren’t going away. According to CBS, as of 2015, criminals contributed to 1.5 million annual cyberattacks. These attacks can have major repercussions for a business.

According to IBM, the average breach costs a business $3.6 million.

Some attacks can lead to massive fallout that can put a business in financial trouble. In 2016, there were 15 breaches that exposed more than 10 million identities, Symantec reports.

The technical side of preventing cyber-attacks is an ongoing cat-and-mouse game. The tech industry pushes to close security holes as soon as — if not before — hackers find and exploit them. Hackers like to take advantage of businesses that haven’t applied software patches to close established security holes.

Malware, ransomware, botnets, IoT vulnerabilities and email phishing were all major threat sources in 2017. In particular, ransomware is a growing problem because businesses are paying more than $1,000 on average to recover “locked” data. Many of these payouts could have been avoided by implementing proper crisis management and disaster recovery plans in advance. While big businesses offer big targets, SMBs still need to protect themselves from attacks.

What Your Plan Should Contain

A cyberattack crisis management plan revolves around three main elements: preparation, response and recovery. Every step is crucial, because a poor response can actually make the situation worse. According to WIRED, Equifax’s management response could have stopped the problem before it started in their major 2017 breach, if they had not done such a poor job. Here’s what to consider:

  • Prepare: Your business should prepare for extreme-level attacks in advance. Part of this process involves creating a response team with key players from all necessary departments. The plan should include what each group needs to do in the event of an attack. The crisis response team should take action to plug major known security holes as they are discovered to prevent a breach.
  • Respond: The response team should identify the attack, secure the compromised systems, and investigate the cause of the breach in that order. Next, the team should take action to prevent further attacks that exploit the same or similar security holes.
  • Recover: The cycle continues after your business contains the threat. The response team should next work to minimize public damage and repair customer trust. According to a 2011 Ponemon Institute study, larger businesses say they averaged $332 million in diminished business value following a customer data breach.

The disaster recovery experts at MPA Networks can be a vital part of your business’s crisis management plan. Our experts can help your staff gets back to business as usual as quickly as possible. Contact us today to find out how we can help.