Masthead-Image-Right-min

Don’t Have a Meltdown! Practice Cyber Hygiene to Mitigate Risk

January 16, 2018 By: Quadax

Practicing preemptive cybersecurity hygiene can help prevent adversaries from accessing your high-value assets including systems which handle PHI and PII.

In the pursuit of speed, processors have been built to feature speculative execution, which has now been found to introduce vulnerabilities by allowing unauthorized viewing of cached content potentially containing passwords, encryption keys, and other sensitive data. Detected by independent researchers, the chip vulnerabilities have been dubbed Meltdown and Spectre. These vulnerabilities affect many CPUs, including those from AMD, ARM, and Intel, as well as the devices and operating systems running on them.

Advisory and Mitigation Information

The Meltdown and Spectre Side-Channel Vulnerability Guidance issued by the United States Computer Emergency Readiness Team (US-CERT) encourages users and administrators to refer to their hardware and software vendors for the most recent information and is maintaining a table that contains links to vendor advisories and software patches. A current concern with the available operating system patches is that they may slow computer performance; impact on performance may vary based on workload volume and type of processing.

Healthcare industry resources advise healthcare organizations to exercise appropriate caution and test operating software patches carefully before implementing on high-value assets including systems which handle PHI and PII. Please refer to the following: 

New vulnerabilities like these continue to be revealed on a regular basis and as a normal course of business, Quadax regularly patches systems to proactively eliminate known vulnerabilities. Because of the widespread nature of these specific vulnerabilities and the potential performance impact with the patches, Quadax has organized a committee of experts to focus on Meltdown and Spectre developments and remediation. This committee is monitoring patches, testing patches prior to release, analyzing the potential performance impact, interfacing with third-parties and working together to provide a smooth path to remediation. 

Cyber Hygiene - A good defense remains the best protection

Practicing preemptive cybersecurity hygiene can help prevent adversaries from accessing your systems and is an important first line of defense. An enterprise-wide cybersecurity awareness program can strengthen your organization’s security strategy by alerting employees of current security threats and providing them a set of best practices. Using employee security awareness in combination with installing the recommended operating software patches can help to mitigate risk during this time of widespread processor vulnerability. 

Reach out to vendors as well. Learn what they are doing to mitigate processor vulnerabilities. The Quadax security team continues to monitor the situation and guard against cyber threats. We also engaged our first line of defense, reminding all employees to exercise cyber hygiene. 

Achieving 100% participation in our 2017 enterprise-wide employee security awareness program, Quadax remains fully compliant with security awareness training requirements.  Recognizing that employee security awareness is a continuous process and an integral part of our on-going security strategy, Quadax is proud to be a 2018 Data Privacy Day Champion.  Data Privacy Day, celebrated January 28th, is an international effort to empower individuals and encourage businesses to respect privacy, safeguard data and enable trust.

New call-to-action

 

Share with your network

Subscribe to Email Updates

Recent Posts