by Peter Dietrich
All the cyber sphere is abuzz over the latest in world-ending vulnerabilities, Meltdown and Spectre. Truly, the hype has been impressive these past few weeks. But all kidding aside, this one is pretty serious, or at least it may be if certain things come together. I guess that's typical of most of the big-name vulnerabilities like EternalBlue (WannaCry), Heartbleed and KRACK. Your Internet browser will likely be the method of delivery for these attacks, according to the SANS Storm Center. Many of my clients have come to me and asked what they can do. Well, certainly you could replace all of your hardware with new hardware when the new chips come out, or... you could do the basics.
1. Patch, then really patch and patch again. This really is our only hope with this one for now. Everything with a processor will likely need a patch. Accept the patches that are coming out from your vendors, but be careful and test first, because some things have been breaking.
2. Scan for vulnerabilities more often: weekly, or at least monthly. Do this on your internal network as well as your external one, and run these as authenticated scans. Above all, actually dedicate resources to fixing the vulnerabilities identified.
3. Develop a mature cybersecurity program based on the Center for Internet Security's (CIS) 20 Critical Security Controls (CSC), including all 149 sub-controls as appropriate.