The week in security: To fix Spectre, don’t use the Spectre fix
- 29 January, 2018 17:01
The full extent of data breaches aren’t always obvious at first, but the damage can quickly add up – OnePlus found after revelations that up to 40,000 credit cards were affected by the company’s hack two months ago.
Shipping giant Maersk saw the toll explode quickly, forcing staff to move heaven and earth to recover 45,000 PCs that were nailed by last year’s NotPetya attack.
Like an observed surge in DDoS attacks in the leadup to the Winter Olympics and Commonwealth Games, the persistence of such attacks is a warning for CSOs staring down a host of new compliance requirements this year – in other words, most of you.
It doesn’t help that hackers are finding new ways to exploit machine-learning technologies to launch attacks.
And as if the pressure weren’t already on, this month’s Data Privacy Day highlighted the ongoing role that users continue to play by refusing to learn good password habits.
Google parent company Alphabet is working to counter such problems with Chronicle, a platform that aims to give enterprise ‘immunity’ from cybercrime.
That task is getting harder all the time, since the ongoing addition of new cloud platforms is making things ever more difficult when it comes to progressing digital-transformation initiatives.
Not to mention, of course, the fiasco that is Intel’s efforts to patch the Spectre bug – which produced a bug fix that Intel is now advising OEMs not to use, and many OEMs already aren’t using.