MSP Blog Logo

BDR

Business Growth

Cybersecurity

Help Desk

MDM

RMM

Sales & Marketing

Subscribe

Empowering Your MSP Business to Grow and Prosper—One Post at a Time

5 Ways to Improve Your MSP Service Level Agreement (SLA)

Featured Post

5 Ways to Improve Your MSP Service Level Agreements (SLAs)

SLAs are the foundation of your MSP business. They are essential to building strong client relationships and must be clear, reasonable and well-constructed.

Read Now

Meltdown and Spectre: What MSPs Need to Know and Communicate to Clients

Posted January 16, 2018by Bill Hughes

Meltdown and Spectre: What MSPs Need to Know and Communicate to Clients

By now, you’ve probably seen two names swirling around every industry news headline. These, of course, are Meltdown and Spectre; two critical vulnerabilities found in current CPUs from Intel, AMD and ARM.

On Wednesday January 3, several researchers disclosed the security flaw in modern processors that could affect practically every Intel computer released in the last two decades—as well as the AMD and ARM chips in your laptops, tablets and phones. As people are (rightly) concerned, we’ve decided to assemble and organize all the information MSPs and IT service providers should understand about these vulnerabilities, how they could be exploited and how to communicate these vulnerabilities to your clients.

What Are Meltdown and Spectre?

In brief, Meltdown and Spectre are the names of the flaws found in a number of processors from Intel, ARM and AMD that could allow hackers to access passwords, encryption keys and other private information from open applications.

While these vulnerabilities are generally talked about in conjunction, they are not one and the same. The basic difference between the two is that Meltdown compromises the isolation between the operating system and programs executed by users. On the other hand, Spectre compromises the isolation between different running programs.

How Could Meltdown and Spectre Be Exploited?

The Meltdown and Spectre vulnerabilities are rooted within the processor’s architecture, where a design defect allows applications to cross memory boundaries into the protected memory of other applications. Variants to the flaw exist where malware could potentially gain access to the memory of other applications (in the case of Spectre) or where malware could gain access to a device's memory (in the case of Meltdown). If these vulnerabilities get exploited in a successful attack, it could lead to a broad range of malware attacks that could compromise the user’s data stored on their device.

How to Address Meltdown and Spectre with Clients

It’s important to emphasize that at this point in time, there is no evidence these vulnerabilities are being maliciously exploited in the wild. However, Meltdown and Spectre should serve as the latest wake up call for organizations to continuously question, enhance, test and secure their IT environments.  

So, how can you approach these conversations with clients? I recently sat down with the MSP Radio crew to chat through the Meltdown and Spectre vulnerabilities and how MSPs can effectively leverage these news events to inform their clients and create sales opportunities. Here are some of my key takeaways:

Don’t Rush into Things

Because news on the vulnerabilities has mentioned that “every machine could be at risk,” people tend to think that the solution needs to be rushed. To avoid confusion, it’s important that you’re careful and thoughtful about how you respond and react to these events. Rather than scrambling to put the fire out (like we saw with WannaCry), MSPs should take the time to gather their thoughts and build a communication strategy.

At the same time, don’t rush into making fixes just because of the news. As I mentioned before, these vulnerabilities have no confirmed problems; but, if you rush into applying an update, you could run into problems.

Note: Patches have already been released for Microsoft WindowsApple macOS, and Linux to patch Meltdown. Click the links to get more information.

Get Used to It, but In-Front of It

Unfortunately, these types of vulnerabilities are becoming the new normal, so MSPs will see more of these on a regular basis. My best advice would be to get comfortable with these conversation—you can even include them in your monthly updates.

Ideally, as an MSP you will know what to be looking for so that you can communicate with end-clients before they read the news headlines. It’s key to quickly communicate with clients so that, rather than thinking the worst, they know their actual risk is low because there is no known exploitation. This shows that you’re on top of it and cements you as the security partner they’ll turn to first.

To hear more on this, click here to listen to the rest of the podcast episode!

 

Handpicked for you:

Download Cyber Security eBook

Bill Hughes is a Product Manager at Continuum Managed Services, responsible for multiple areas within the RMM product including Patching and Cloud Strategy. Prior to Continuum, Bill has 10 years of experience ranging from a consultant integrating global IT systems, IT manager for a medium sized company, and has launched multiple B2B SaaS products. Bill holds a Bachelor and Master of Systems Engineering from George Washington University.

RMM 101: Must-Haves for Your IT Management Solution
MSP Guide to Managed Services SLAs  [white paper]
comments powered by Disqus