March 15, 2018
March 15, 2018
Contributor: Wunmi Bamiduro
How enterprises can safeguard customers personal data and information stored on PCs
The discovery of the Spectre and Meltdown threats came as a shock to most individuals and organizations. The underlying vulnerabilities that they exposed continue to affect PCs, smartphones, servers, network and security appliances, and some IoT devices — anything that requires a central processing unit (CPU) to function is at risk of loss of the sensitive information held in its memory. As CPUs are foundational to everything in IT, the programs and operating tasks of everyday devices and the secrets they hold are susceptible. Not since Y2K has a vulnerability affected so many systems and required a deliberate, phased plan of action for remediation efforts.
“The risk is real, but with a clear and pragmatic risk-based remediation plan, information security and risk management leaders can provide business leaders with confidence that the marginal risk to the enterprise is manageable and is being addressed,” says Neil MacDonald, vice president and distinguished analyst at Gartner.
Although patches have addressed the current Spectre and Meltdown issues, they may not be the best solution. By the end of 2019, we can expect to see more variants of attacks that exploit speculative execution and require additional remediation.
To defend against Spectre and Meltdown, MacDonald recommends security leaders take the following steps:
Connect with the world’s leading security and risk management leaders with Gartner experts to establish an agile security program and deliver business value.
Recommended resources for Gartner clients*:
Security Leaders Need to do Seven Things to Deal With Spectre/Meltdown by Neil MacDonald.
*Note that some documents may not be available to all Gartner clients.