2018 The Year of the Meltdown and Spectre
If you don't read about cybersecurity and stolen data everyday then you probably don't read much news. But, if you scan the news headlines once in a while you're aware of the following:
- 2014 - The Year of the Cyber Breach
- 2015 - The Year of the Healthcare Cyber Breach
- 2016 - The Year of the Cyber Attack (it's common news)
- 2017 - The Year of Ransomware
So, what will 2018 be dubbed? 2018 - The Year of the Meltdown? Wait, what meltdown? Or the Year of the Spectre? Is that a ghost or something else? Well unfortunately, two major hardware vulnerabilities have been discovered in almost all computer processors (CPUs).
What's the Problem?
Meltdown and Spectre are hardware vulnerabilities in most modern computer processors (CPUs). These critical flaws in the processor designs allow applications (computer software programs) to steal data from other applications running on the same processor. Normally applications are blocked from reading data from other applications unless they have been given "permissions." But Meltdown and Spectre are hardware design flaws that allow this to happen. A malicious software program (malware) can read data from another legitimate application without providing appropriate permissions. This data may include your emails, passwords from browsers or password managers, instant messengers, EMRs, EHRs, practice management systems, billing systems, credit card processing systems, the list goes on and on.
What to do?
There's not much to do about the hardware flaw, it will take years for all the hardware to be replaced with new computers. However, it is important to have your IT department or support firm apply the patches as they become available. It is also very important to ask all of your cloud providers to confirm that they have applied the patches to all of their affected hardware.
Linux and Windows patches are already available. Chromebooks updated to Chrome OS 63 are protected.
Android devices running the latest security update, are already protected, which includes the Google phones. Other vendor's updates are expected to be delivered soon. Users of other devices will have to wait for the updates to be pushed out by third-party manufacturers, including Samsung, Huawei and OnePlus. So, know which devices still need to be updated and watch for the patches to become available and apply them as soon as you can.
What's the Impact?
The potential impact is stolen protected or sensitive data; a data breach. But, even if you install the patches and prevent a breach there is the possibility the patches will degrade your computer CPU performance. On new CPUs (computers) the performance degradation may only be 5% based on what the experts are predicting. But on CPUs older than five years, experts are predicting much worse performance. Unfortunately, we'll have to wait and see.