Security and risk management leaders should take a pragmatic, risk-based approach to the ongoing security threats posed by the "Spectre" and "Meltdown" vulnerabilities, according to Gartner.
Gartner identifies seven steps that security and risk heads can follow to reduce the risks associated with these threats.
Almost all modern IT systems are at risk, so desktops, mobiles, servers, virtual machines, IoT devices and the like all need a deliberate, phased plan of action for remediation.
A successful attack requires the attacker to execute code on the system. Application control and whitelisting on those systems therefore significantly reduce the risk of unknown code execution.
Information security heads should be ready for scenarios in which the right decision is not to patch. In some cases this will be because no patches exist for older systems; in others, the performance impact is not offset by the reduction in risk, so patches will not be applied. For server workloads, Gartner recommends patching and firmware upgrades.
Multiple mitigating controls can reduce the risk on systems that are unpatched or only partially patched.
"Spectre" and "Meltdown" target an exploitable design implementation inside most of the computer chips manufactured over the past two decades. They represent a totally new class of vulnerabilities, and this is just the start: the underlying exploitable implementation will remain in place for the future.