Major security threat shows most IT providers are unprepared
Meltdown and Spectre - a pair of ‘vulnerabilities’, or weaknesses in computer hardware or software that can be exploited by cyber criminals - were made public early this year. These particular vulnerabilities are unique in that they affect virtually every computer in operation today.
Immediately following the news, Microsoft released a software update designed to protect Windows computers and devices against the risk of attack. Unfortunately, this update was incompatible with most third-party antivirus software, and so Microsoft carefully restricted its rollout, requiring IT administrators to take a number of precautionary steps before installing the update.
I was disturbed to hear many reports of IT teams not understanding Microsoft’s requirements and being unable to protect their customers. In fact, a Barkly survey conducted a week after the Meltdown and Spectre announcement found that at half the organizations surveyed, more than 75% of computers hadn’t received the Windows update. Just 4% of respondents had applied it to all of their end users’ computers and devices.
THE ANTIVIRUS INCOMPATIBILITY SHAMBLES
The reason for such a low success rate is twofold: Firstly, because Meltdown and Spectre affect features of your computer’s hard drive that are designed to improve its performance, installing the update could mean slowing down your systems significantly. That explains why so many IT teams were nervous about installing it, and instead took a ‘wait and see’ approach.
Secondly, before installing the update, Microsoft requires that company IT administrators first take a number of steps to confirm that their company’s antivirus software was compatible. Failure to do this results in issues such as computers not starting up, ‘blue screens’, and other problems rendering them inoperable. Many IT teams simply didn’t take these crucial steps before running the update, resulting in serious issues and significant downtime for end users.
THE HUM DIFFERENCE
Unlike other IT providers in the small-medium business sector, HUM is backed by a large, expert security team. As part of the Origin group, all HUM customers benefit from the resources and methodology of Origin Security, our specialist security practice.
The Origin Security team sprang into action the moment news of Meltdown and Spectre was released. They immediately kicked into quality assurance mode, systematically testing all of our customers’ antivirus software for compatibility with the Windows update.
Next, they held training sessions with the wider group. As soon we had our ducks in a row, we reached out to every HUM customer, to let them know about the vulnerabilities, explaining the next point of action and giving clear instructions for users to follow. We continued to keep our customers up to date on the progress of new patches as they became available.
The result? I’m proud to say that every single HUM and Origin customer was protected in a timely manner, without one case of antivirus incompatibility.
SMALL-TO-MEDIUM BUSINESSES DESERVE MORE FROM THEIR IT PROVIDERS
It doesn’t matter what size you are, cyber attackers are indiscriminate and the threat to your business is very real. The lesson here is that keeping your IP, your customers’ data, and your reputation safe requires so much more than mindlessly running patches and updates. Your IT team or your managed IT support provider must have an Incident Readiness and Response Plan underpinned by proven methodologies if they’re to respond quickly and proactively to new threats.
I believe organisations of all sizes should expect this level of protection from their managed IT support provider; however the experience of businesses both locally and globally following Meltdown and Spectre show that most are woefully unprepared.
If you’re ready to give your business a fighting chance against cyber crime, get in touch with the team at HUM today.