Almost as soon as the clock struck midnight and 2018 began, organizations around the world—of all sizes and in all industries—were faced with the first cybersecurity issue of the new year: Meltdown and Spectre.
A new year, a new cybersecurity threat, right? However, the industry had never seen anything as widespread as these vulnerabilities affecting processors in more than 90 percent of computers, across platforms.
As the world became aware of Meltdown and Spectre, Ben Banks, our Director of Information Security, wrote a blog post detailing what organizations should do to respond to the newly revealed vulnerabilities. It’s now two months later, and this is still an ongoing and evolving situation that will require close monitoring for some time.
That said, Meltdown and Spectre haven’t been as serious as originally predicted. Even so, it’s only a matter of time before the next bigger, badder cybersecurity emergency rears its ugly head.
Is your organization ready? Find out by seeing if you can answer these three important questions based on lessons learned from the response to Meltdown and Spectre.
What’s our plan for handling cybersecurity emergencies?
Most organizations have a plan to deal with public relations issues, supply chain interruptions, and other emergencies that can have an adverse effect on operations. However, many neglect to put a plan in place for cybersecurity, and find themselves scrambling to respond to every new vulnerability or threat.
As Ben suggested, take stock of your business-critical systems and technical debt so you know exactly what is at risk. Then develop processes accordingly and share them with your incident teams so they know what to expect when incidents occur.
What resources can we access when emergencies arise?
A response is only as good as the information at hand. Do you know what’s going on? Are patches out yet? Are you implementing the right patches? What do other experts think?
These questions can be answered by closely monitoring the right sources. In the case of Meltdown and Spectre, it was crucial to gather data from IBM, Dell, and others, and observe the patterns related to their recommendations and the release of information regarding the vulnerabilities.
Who can we ask for help and guidance?
Of course, answering the two questions above is not easy. It takes time and effort to develop a plan, mobilize according to the plan, identify trusted resources, and monitor those resources during an incident. It’s difficult to go it alone.
Consider whether you have the right support to build your incident plan and develop processes; gather data and funnel it to your organization; answer your questions and provide advice regarding the vulnerability; and, maybe most importantly, be a calming voice when every urge is telling you to panic. A calming voice and a cautious approach would have been beneficial in the weeks after the reveal of Meltdown and Spectre, when little was known and patches were being published and then quickly rescinded. That approach would have saved the headache of patching unnecessarily and experiencing the performance degradation these patches caused.
If you can answer the three questions above, your organization is in a good place to respond effectively to the continued fallout from Meltdown and Spectre, as well as to whatever else is in store for us in 2018 and beyond.
We’ll continue to monitor the situation and share our thoughts on the matter, so be sure to subscribe to our blog to stay up to date.