What Should Entrepreneurs Know About Meltdown and Spectre? If you install the latest patches, the only attacks you need to worry about are the ones that have already occurred.

By Anna Johansson Edited by Dan Bova

Opinions expressed by Entrepreneur contributors are their own.

Meltown & Spectre

If you've been paying attention to tech news lately, you've probably heard about Meltdown and Spectre. Their names sound like comic book supervillains, but in reality, they're as capable of wreaking damage as are Magneto and Venom -- except that they damage businesses.

Related: Apple Discusses 'Spectre' and 'Meltdown' Fixes on iOS, MacOS

If you're a business owner, you need to understand what your resulting vulnerabilities are and what you can do to protect your business.

What are they?

Essentially, Meltdown and Spectre are known security bugs that have the potential to affect nearly every computer or digital device in the world. Most security bugs affect either hardware or software -- for example, they might come from a problem with the way your device was constructed or represent a vulnerability to outside influence associated with the back-end code of an app or specific program.

Meltdown and Spectre are different: They exist at an architectural level within processors. Inside a kernel, the core of a computer's operating system, data passes through in a plain, unencrypted form. Within the system, there are powerful protections designed to shield this unencrypted data from being observed or interfered with by outside sources.

Related: What You Need to Know About the Major Flaws Affecting PCs and Smartphones

Yet Meltdown and Spectre techniques are able to get around those protections. Hypothetically, this allows them to observe any actions you take on a computer, such as typing out a password, accessing private information or sending encrypted communications.

Meltdown, specifically, affects Intel processors, and exists as a kind of brute-force attack, breaking through the shield that prevents applications from reaching the kernel memory.

Spectre, meanwhile, affects Intel, AMD and ARM processors. And that means it can affect smartphones, wearables and almost anything with a chip in it; rather than breaking down a barrier, Spectre works by tricking an application into revealing ordinarily protected information.

How they were discovered

Meltdown and Spectre were initially discovered -- and given cute names and logos -- independently by three separate teams operating around the same time. Those team members included Jann Horn of Google Project Zero, Werner Haas and Thomas Prescher of Cyberus Technology, and Daniel Gruss, Moritz Lipp, Stefan Mangard and Michael Schwarz of the Graz University of Technology.

The timing of those discoveries, within mere weeks of one another, seems surprising, given that these bugs had been present for more than 20 years. However, the coincidence actually wasn't that surprising: Many bugs are discovered by multiple teams independently and around the same time, even if they've been dormant but existent for years.

There are many possible explanations, including the fact that multiple teams might be inspired or prompted by the same circumstances and that teams tend to withhold such information until the bug is discovered by others.

Should you panic?

The worst-case scenario is a bad one. If someone has been using Meltdown and Spectre to spy on your devices, they could easily steal your passwords and compromise your data. And, because almost every device in the world is affected on some level by these vulnerabilities, you aren't immune from the possibility.

If hackers got to your device before the bug was discovered, your information may already be compromised.

Even so, there's no reason to panic. There are software patches for both Meltdown and Spectre, which effectively guard against their use. If those patches are applied, you'll be protected from present and future attacks -- though if you've already been affected, there's no way to retroactively undo that damage.

What you should do right now

So what should you do to deal with these vulnerabilities? Four things:

  • Update your devices. Take whatever personal and professional devices you have and make sure they're equipped with the latest OS and software updates. If you have your devices updating automatically, this should have already taken place -- but it never hurts to double check.
  • Keep an eye on your important accounts. Just in case your device was affected before the patches were applied, keep an eye on your most important accounts. If you notice any suspicious activity, report it right away.
  • Change your passwords. As an extra precaution, consider changing your passwords, and choosing strong, multi-character passwords as your replacements.
  • Watch the news. Keep an eye out for more updates in case the story develops.

Meltdown and Spectre were scary because they've taught us a valuable lesson: Security bugs and vulnerabilities can lurk anywhere, sometimes for decades before they're discovered. But these bugs, in particular, are officially squashed -- assuming you've installed the requisite patches.

Related: 'Venom' Vulnerability: Serious Computer Bug Shatters Cloud Security

If you install the latest patches, the only attacks you'll need to worry about are the ones that have already occurred. And if you monitor your accounts carefully, you can respond to any suspicious activity immediately.

Anna Johansson

Freelance writer

Anna Johansson is a freelance writer who specializes in social media and business development.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Science & Technology

From Silicon Valley to Everywhere — How AI Is Democratizing Innovation and Entrepreneurship

AI is no longer just a tool for big corporations — it's a global equalizer, empowering entrepreneurs from every corner of the world to innovate, scale and compete like never before.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Business News

'Enormous Chaos and Confusion': Do You Need to File a BOI Report? After Another New Ruling, Here's What Business Owners Need to Know.

Failing to file the report could cost small businesses $591 per day—if you even have to file it at all.

Data & Recovery

Join the Highest-Growing Industry in 2025 With This $60 Cybersecurity E-Learning Bundle

You could land your dream job as a cloud security specialist, ethical hacker, or security analyst.

Franchise

5 Benefits of 'Ick' Franchise Industries

What makes "ick" franchise industries so valuable? As a franchise consultant of many years, I've learned is that there is real value in everyday essential industries that, if given the chance, have real material benefits that just might be the right fit for your goals.

Data & Recovery

Portable, Durable, and Fast: the Dual-USB Flash Drive Every Entrepreneur Needs

Streamline your data management with this drive's 1TB of storage and speedy file transfers.