Meltdown and Spectre microprocessor vulnerabilities took top billing in ComputerWeekly.com’s top 10 IT security stories of 2018.
Discovery of these and several similar vulnerabilities “were probably the single most challenging developments for enterprise IT security teams” last year, according to security editor, Warwick Ashford.
As enterprise teams raced to patch their systems, he writes, they faced patches that are incompatible, leading to crashes, reduced performance and lock ups. Based on Ashford’s reporting, security professionals are divided about the significance of these security issues.
His article states that the top challenges for IT security teams highlighted for last year include ransomware, illicit cryptocurrency mining, fileless malware, cross-operating system attacks, hardware vulnerabilities including Spectre and Meltdown, and vulnerabilities in Internet-connected devices making up the IoT, as well as other emerging technologies enabling digital transformation such as machine learning and artificial intelligence.
Ashford says, “Once the microprocessor exploits dubbed Meltdown and Spectre were made public in January 2018, security experts warned that malicious actors would be quick to incorporate them into their cyberattack arsenals, and advised IT security teams there was no time for enterprises to delay taking action. However, when patches were made available, IT security teams faced several challenges, with some patches proving to be problematic, leading to crashes, reduced performance and lock-ups.
Months later, however, security experts are divided over the significance of Meltdown and Spectre, with some arguing that laws opened up a dangerous new avenue of attacks, while other say the flaws were over-hyped, noting that there is no evidence that the flaws have been exploited successfully in the wild.”
While Meltdown and Spectre remain on the lips of Industry pundits a year later, other notable IT security issues and solutions stories continue to abound. Taking the 10thspot in ComputerWeekly.com’s list of 2018 security stories is the one called “zero-trust security model gaining traction.”
In short, zero-trust security, as defined, is based on the principle of “never trust, always verify.” It is said that its design addresses lateral threat movement within the network by leveraging micro-segmentation and granular perimeters enforcement, based on user, data and location. Ashford’s story contends the Zero-Trust Security Model made significant headway in 2018.
Other stories support Ashford’s reporting, noting that traditional IT security methodologies fall short these days based on earlier thinking that all internal aspects of an organization’s network can be trusted. Experts say the story is much different. New and sophisticated attackers with cleverly designed tools are expertly performing their entrances into the most believed to be guarded systems.