Meltdown and Spectre Vulnerabilities: New Year, New Cyber Threat

Nutter McClennen & Fish LLP

The first week of January 2018 brought disturbing news on the cyber security front – and for once it was not the result of corporate ineptitude or poorly designed software. Actually, it was far worse. Independent security researchers announced the discovery of two vulnerabilities – dubbed Meltdown and Spectre – in the hardware underlying virtually all computers, servers, and smartphones currently in use. Without getting too technical, Meltdown and Spectre each allow a hacker to abuse the normal function of a computer’s processor. They let a hacker break the isolation between different applications and the operating system, granting access to the computer’s memory, and thus to the secrets of programs sharing the same processor.

Unlike most vulnerabilities, these flaws are in the hardware, not the software, of a device, which makes fixing them far more difficult and costly. The one significant mitigating factor is that the vulnerabilities do not themselves allow a hacker into your system; they are instead a method for a hacker already in your system to bypass internal controls and obtain data or passwords.

With a vulnerability this significant and widespread, what should you do? 

  • Apply patches and updates. Software makers are busy rolling out software updates and patches to mitigate the damage from these vulnerabilities. Thus, it is now even more important than normal to make sure that these patches and updates are applied as soon as possible.
  • Be hyper-vigilant. Because the vulnerabilities can only be exploited once a hacker is in your system, redouble your efforts to keep hackers out or contained using robust security measures, such as strong passwords, multi-factor authentication, timely patch management, and system monitoring.
  • Keep cyber security plans current. Ensure that your information security plans and incident response plans are up-to-date and that they are both technically and legally defensible.
  • Monitor for potential intrusions. Be prepared to investigate any potential intrusions rapidly so that you can both cut off any improper access and ensure that any relevant legal obligations and risks are addressed.

Meltdown and Spectre underline yet again the inherent insecurity of our network and computer infrastructure. Companies (and users) must therefore remain alert and focused on taking all reasonable steps within their control to protect the security of their data.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Nutter McClennen & Fish LLP | Attorney Advertising
