16th July 2018
Our Cybersecurity Practice Director, Luke Potter, was recently approached by SC Media, the leading cybersecurity source in the UK and Europe, to provide commentary for the article, “Ghostbusters 2: how to deal with Spectre, the sequel.”
The article addressed how Spectre 1.1 and 1.2 have emerged from the shadows, what they are, and how to mitigate them and any exploits that follow.
Luke’s response to the journalist’s questions:
Do the latest vulnerability disclosures point to the inescapable fact that these processor design flaws will continue to be a pain point for security teams for the foreseeable future – and just how much of a real-world concern to enterprise security teams is this?
These ‘new’ vulnerabilities are effectively bypassing the initial mitigation for Spectre “1.0” which hit the media in January of this year. The researchers have found yet another way to circumvent known mitigations and identified a new exploit method which demonstrates how this particular vulnerability is proving difficult to mitigate using software/microcode updates alone, and we may well see similar variants making repeat appearances in the future. Absolutely, enterprise security teams need to be concerned around this. Vulnerability management has to extend to all types of software and hardware throughout organizations. Historically, vulnerability management teams have focused purely on ‘operating system’ level security and patching, whereas wider system coverage has to be included, such as the firmware on devices, microcode versions on processors and BIOS versions. Updates at this level have to form part of an effective cybersecurity strategy. Further to this, hopefully, CPU designs going forward will take these kinds of issues into account.
How should the enterprise respond to these vulnerabilities and the exploits that will likely follow – what’s the best practice mitigation advice for the ongoing Spectre threat?
Read the full SC article here.
About Luke Potter
Luke oversees SureCloud Cybersecurity Solutions. He also manages our Secure Private Cloud. Luke is a recognized cybersecurity expert. He is a CHECK team leader, Tiger Scheme senior security tester, ISO 27001 lead auditor and Microsoft Certified enterprise administrator. Previously, Luke managed the IT team at a large UK insurance brokerage.