By The Numbers: How Spectre and Meltdown Are Affecting Businesses
he IT world was thrown for a loop in the new year with the arrival of a unique breed of security vulnerability. While threats spawned from software bugs have become all too familiar to IT professionals, vulnerabilities caused by hardware flaws embedded in the core of computer processors are causing a new level of stress. Spectre and Meltdown are the names given to two fundamental and widespread threats affecting nearly every computer chip manufactured in the last 20 years.
The reason Spectre and Meltdown have caused such a stir is they represent the potential for a malicious program to access and exploit two key techniques used to enhance the speed of a computer’s memory access and processing time, called caching and speculative execution. These processes create a window where data in the CPU cache could potentially be accessed without permission, a breach of catastrophic proportion for both companies and consumers. So how seriously is the IT world taking this?
Spiceworks, a popular and trusted community of resources and networking for IT professionals, recently released a survey of 500 IT professionals on the perception of risk and the time and resources they are dedicating to mitigating that risk.
On the question of perceived risk, it’s clear they are taking it very seriously. According to Spiceworks, 88 percent of IT professionals they talked to have concerns that hackers will be able to exploit the Meltdown or Spectre vulnerabilities on the devices/services used by their organization.
And that perceived vulnerability varies based on operating system and device. 81 percent of IT pros believe there is a medium to high risk that Windows OSes will be exploited as a result of the Meltdown/Spectre vulnerabilities. Additionally, 67 percent believe the risk is medium to high that their web browsers will be exploited because of these CPU flaws. In contrast, IT pros are the least concerned about weaknesses in unpatched graphics card drivers and Linux distributions.
Most IT professionals surveyed are not wasting any time patching devices and services. Spiceworks survey data indicated that 57 percent have begun patching Windows OSes, followed by antivirus software (37 percent), Linux distributions (36 percent), web browsers (34 percent), Mac OSes (34 percent), and virtualization hypervisors (30 percent).
Not surprisingly, the time and resources needed to address the Spectre/Meltdown threat varies according to company size. According to the data, 45 percent of organizations expect to spend more than 20 hours patching Meltdown/Spectre vulnerabilities, while 26 percent expect to spend more than 40 hours, and 16 percent expect to spend more than 60 hours. Only 5 percent of IT pros said their organization won’t spend any time addressing these vulnerabilities.
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.
Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.