Meltdown and Spectre represent a new class of security threat that endangers our digital world at its core – the processor. What do enterprises need to do to protect their digital businesses and their customers from Meltdown and Spectre exploits in a Privacy First world with GDPR enforced?
With the advent of Meltdown and Spectre, security as we know it has changed. We can no longer assume that an enterprise is safe by securing the network and protecting applications from malware or putting a lock on the entrance of the server room of your datacenter.
Computing is moving out of these traditionally secure enterprise environments and boundaries into public domains with Edge Computing and the Internet of Things. CIOs, CISOs, and the C-Suite therefore need to understand the changing dynamic of cybersecurity. Processor-level threats such as Meltdown and Spectre (and most recently Foreshadow) will present high-risk vulnerabilities not only to your current and old devices, but also to devices that will enter your portfolio for at least the next 12 months as microprocessor engineers design the side channel and other undiscovered vulnerabilities out of future CPU designs.
Establishing A New Vigilance on Digital Security
So, what do you do to protect your business from the deep threat of processor-level exploits that are inevitable? The first step is to understand the nature of the threat and establish a risk management program that holistically addresses the protection of your digital business.
neXt Curve recommends the approach below to help executive teams architect a risk management and remediation approach to implement and govern a program to assess your ecosystem’s security posture and to prioritize high-risk aspects of your portfolio (inside and outside the boundaries of your enterprise) for remediation and threat management.
The problem will be bigger than your enterprise IT. Your program will need to involve the broad range of technology vendors, service providers and business stakeholders who depend on the digital services that you provide and receive from each other to ensure that you are collectively de-risking your ecosystem. Securing the network and installing anti-virus software is no longer good enough, especially as the Internet of Things rapidly expands the number of smart, connected devices that your business will depend on.
Implications for Business Leaders
Corporate boards and the C-Suite need to get savvy on emerging, deep techno-security vulnerabilities and risks such as Meltdown and Spectre. These vulnerabilities have the potential of exposing your business to deep attacks at the foundation upon which digital businesses are built – the processor. Cybersecurity needs to become a priority as enterprises continue their digital transformation and reinvention, which will come with an increasing number and severity of risks and threats to the business.
IT service providers and technology vendors have a great opportunity to expand their security services to help their enterprise and SMB clients implement holistic security strategies that factor in the management of the new breed of processor-level vulnerabilities and emerging malware and attacks.
neXt Curve can help you and your team develop a strategy for dealing with the new breed of processor-level vulnerabilities and the threats they pose to your organization and your businesses. Contact us for a complimentary consultation and an overview of our advisory and coaching services.
You can listen to the audio replay of our Meltdown & Spectre webcast by playing the media below or downloading the Podcast available on iTunes. Subscribe to our Podcast channel and keep up to date on the latest insights from neXt Curve.
neXt Curve Meltdown & Spectre Presentation (PDF)
Audio replay of the Meltdown & Spectre webcast