monsitj - Fotolia

Channel can help users deal with Meltdown fears

With the world reacting to the Meltdown and Spectre microprocessor chip flaws the channel is in a prime position to offer customers advice

Over the past couple of days the extent to which the Meltdown and Spectre security threats have plagued PCs all over the world has started to become clear.

Apple has now comfirmed that all iPhones, iPads and Macs are affected by the microprocessor exploits that were discovered earlier this week.

"Security researchers have recently uncovered security issues known by two names, Meltdown and Spectre. These issues apply to all modern processors and affect nearly all computing devices and operating systems. All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time," the firm stated in a blog post.

One of the security flaws, known as Spectre has been found in chips made by Intel, AMD and ARM and Meltdown has been discovered in Intel chips and one ARM product.

A couple of days ago Intel provided an update, indicating that it was already dealing with the problem and dismissing the idea it was the sole cause of the issue.

"Intel is committed to product and customer security and is working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively," stated the firm.

The channel is in a prime position to deal with customer concerns and many will be getting questions about what steps need to be taken now.

Intel and Apple are among those that have issued updates and patches to fend off the vulnerabilities but many users will be wondering if that is all they need to do in order to protect their data.

“Fear aside, attention must turn to the ‘what now’. Countless headlines are no doubt confusing for those just wanting to know how best to preserve the security around their data," said Ross Brewer, vice president and managing director of EMEA at LogRhythm.

"For businesses, it’s never been more critical to understand the real-time behaviour of users across their networks. As this vulnerability opens the door to theft of credentials, logins and other private information, any unusual network activity needs to be detected, investigated and remediated as soon as it occurs," he added.

Brewer called for more effort to be made to ensure that firms were up to date with their patch management and staff were made aware of the need to keep on top of security.

Trying to reduce staff to some of the potential risks was a theme picked up by Chris Morales, head of security analytics at Vectra.

"A core principle of information security is the least privilege model. Least privilege means every component of computing systems, including system processes and users, has access only to the information and resources that are needed for it to function," he said.

"All user accounts at all times should run with as few privileges as possible, and also launch applications with as few privileges as possible. From a cyber security perspective, limiting user access to least privileges reduces the ability of an attacker to exploit other applications and the rest of the system," he added.

Solutions will be made available to the immediate threat but the latest headlines from Meltdown and Spectre will give the channel the chance to build on a discussion around security with customers that started in earnest last year with the high profile WannaCry and Petya ransomware attacks.

Read more on Data Protection Services

ComputerWeekly.com
Search ITChannel
Close