UK businesses are being urged to act swiftly to protect against design flaws in microchip processors which could expose their IT systems to cyber-attack.
The biggest problem appears to be Intel processors found in many laptops and PCs sold around the world.
These could be exposed to the Meltdown and Spectre vulnerabilities which are essentially problems with the way chips were designed and tested.
That’s pretty much all most people know about the design flaws because manufacturers are keeping tight-lipped about the precise nature of these blunders.
Intel’s not alone, chips made by ARM and AMD are also believed to be flawed.
It turns out that the processor manufacturers have been trying to keep these flaws under wraps since early in 2017 which is quite annoying to say the least.
But now we know about the problem, it’s more important for businesses in Sussex and across the South East to focus on taking immediate steps to deal with the danger. Don’t sit back and expect IT providers to solve it.
An associated problem is the possible slow-down updates may cause to some computers. Some commentators have suggested there will be up to 30 per cent reduction in processor performance. Intel denies there will be any serious effect.
The UK’s National Cyber Security Centre (NCSC) says there’s no evidence these vulnerabilities have been exploited. The “worst case scenario” is that code running on one of your devices could gain access to memory it doesn’t have permission to access.
It’s worthwhile studying the NCSC’s guidance as well as having a word with an independent IT expert. Someone who can give you a thorough understanding of all the issues, so that you know exactly what needs to be done to protect your business.
Gary Jowett, from Computer & Network Consultants in Brighton, says: “The fixes you need for different parts of your IT network vary. For example, cloud services may seem to be someone else’s responsibility as major cloud providers are installing fixes on their own platforms. However, the NCSC says that if you use cloud services like Infrastructure as a Service (IaaS) your company will need to update the operating systems of any virtual machines you manage.”
As for data centres and servers, patches are needed for operating systems and for the hypervisors that run virtual machines. The major equipment manufacturers should be delivering these patches.
But be warned. While end-user devices may have had their operating systems patched against these vulnerabilities, some businesses may also need to check the underlying firmware in some network technology.
One way forward is to consider installing firewalls that aren’t vulnerable to the Meltdown and Spectre threats. For example, consider firewalls that use custom-made high-performance security processors from SonicWall and others.
Gary says: “Whatever the actual threat to your organisation, it’s wise to act now to protect your company. And speak to an independent adviser if you need to get a clearer picture of what’s your responsibility and what’s already being done by the major IT providers.”