dcsimg

The Business Impact of the Meltdown and Spectre CPU Flaws

By Pedro Hernandez | Posted January 30, 2018
  • Print Article
  • Email Article
  • Comment on Article

WEBINAR:
On-Demand

How to Help Your Business Become an AI Early Adopter


Cybersecurity is a field that never gets boring, and the early days of 2018 proved that with the disclosure of the Meltdown and Spectre vulnerabilities.

Living up to their fearsome names, Meltdown and Spectre are vulnerabilities found in practically all modern processors. They could potentially allow hackers to gain access to passwords, personal information and sensitive other data that courses through a PC or server. The hardware flaws essentially dismantle some of the most essential protections in operating systems and other software.

"While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs," explained the official the official security advisory from the security researchers who discovered the vulnerabilities. "This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents."

For cyber-attackers, those are some very tempting targets. If the flaws are exploited—likely only a matter of time if history is any guide—businesses are in for a flood of malware that target the vulnerabilities.

Luckily, there have been no reports of attacks in the wild yet. IT vendors are also rushing to release patches.

Equally encouraging is the fact that many organizations are eagerly snapping up those patches, according to a Spiceworks study on Meltdown and Spectre. There have been some bumps along the way, including buggy fixes from Intel that can cause unpredictable system behavior.

Meltdown and Spectre Are Already Affecting Businesses

Of the 514 IT professionals from North America and Europe who were surveyed by the IT management specialist Spiceworks, 70 percent said they had already begun patching for Meltdown and Spectre. On the downside, those efforts are often met with problems of their own.

"The collective effort to address the Meltdown and Spectre vulnerabilities will cost IT departments time, manpower and money to correct. And while small businesses have fewer systems and services to patch than larger businesses, they're just as likely to experience performance degradation, system freezes, and boot issues after patching the CPU flaws," said Peter Tsai, senior technology analyst at Spiceworks.

"In many cases, smaller organizations only have one or two IT professionals on staff to help address these issues, so they may be more affected by the resource constraints," continued Tsai. "In fact, in one third of small companies, IT professionals estimate they'll spend more than 20 hours addressing the vulnerabilities."

Business Impact of the Meltdown and Spectre CPU Flaws - Spiceworks

Of the 38 percent who experienced issues after applying patches, the top issues included a performance drop (46 percent), locked-up systems (26 percent) and boot-up problems. Then there's the impact to the bottom line.

Tsai further noted that "16 percent of small businesses will spend up to $10,000 addressing the issues. For many, that’s a significant portion of their budget that could otherwise be put toward more strategic IT initiatives that help move their business forward."

Businesses, both big and small, should be prepared to deal with the aftermath of Meltdown and Spectre for a good long while, adjusting their spending strategies accordingly.

"Finally, it’s important to keep in mind that as the situation develops, the amount of money and effort required to address Meltdown and Spectre could change drastically in the coming weeks," cautioned Tsai. "For example, IT departments will feel the pain if organizations experience ongoing issues with patches, the vulnerabilities prove to be worse than initially anticipated, or malware that exploits the vulnerabilities spreads."

For more insights, view the full report here.


Comment and Contribute


     

    Get free tips, news and advice on how to make technology work harder for your business.

    Submit
    Learn more

    By submitting your information, you agree that smallbusinesscomputing.com may send you SmallBusinessComputing offers via email, phone and text message, as well as email offers about other products and services that SmallBusinessComputing believes may be of interest to you. SmallBusinessComputing will process your information in accordance with the Quinstreet Privacy Policy.

     
    You have successfuly registered to
    Enterprise Apps Daily Newsletter
    Thanks for your registration