Dive Brief:
-
About 88% of IT professionals are concerned malicious actors will be able to hack their company's devices and networks through the Meltdown and Spectre flaws, according to a Spiceworks survey of 500 IT professionals in North America and Europe. By January 18, prior to Intel's announcement to cease patches, about 70% of organizations had begun patching systems for the flaws.
-
Respondents believe the most risk is in Windows OSes and web browsers, while graphics card drivers and Linux distributions are of less concern. IT professionals began patching Windows OSes first to mitigate risk.
-
About 61% of businesses are expecting a $10,000 cost to patch the vulnerabilities, but 29% may not have to spend anything. However, larger companies with more geographical locations can be slow to update and patch management issues.
Dive Insight:
The 30% of companies that held off patching may have the advantage. Since the disclosure of the Meltdown and Spectre security vulnerabilities, Intel has issued two separate announcements warning customers to pause implementing patches.
Since administering patches, more than one-third of those organizations experienced performance issues, according to the report.
Perhaps rebooting computers and slowed core processors were behind the decision to wait on patches, but most IT professionals know a patch can only do so much. Researchers already concluded that security updates only mitigate risk. The only complete resolution to Meltdown and Spectre is replacing all CPU hardware.
The majority of all businesses are using five employees or less to address the vulnerabilities, and organizing a concerted effort to secure an entire technical infrastructure is difficult.
Nearly all chips dating back two decades are susceptible to malicious activity, and grooming an entire network of flaws is close to impossible.
Maintaining an up-to-date inventory of what hardware is on an organization's network will help quickly identify what systems are most at risk and potentially thwart a deeper security issue.