Get All Access for $5/mo

What Should Entrepreneurs Know About Meltdown and Spectre? If you install the latest patches, the only attacks you need to worry about are the ones that have already occurred.

By Anna Johansson Edited by Dan Bova

Opinions expressed by Entrepreneur contributors are their own.

Meltown & Spectre

If you've been paying attention to tech news lately, you've probably heard about Meltdown and Spectre. Their names sound like comic book supervillains, but in reality, they're as capable of wreaking damage as are Magneto and Venom -- except that they damage businesses.

Related: Apple Discusses 'Spectre' and 'Meltdown' Fixes on iOS, MacOS

If you're a business owner, you need to understand what your resulting vulnerabilities are and what you can do to protect your business.

What are they?

Essentially, Meltdown and Spectre are known security bugs that have the potential to affect nearly every computer or digital device in the world. Most security bugs affect either hardware or software -- for example, they might come from a problem with the way your device was constructed or represent a vulnerability to outside influence associated with the back-end code of an app or specific program.

Meltdown and Spectre are different: They exist at an architectural level within processors. Inside a kernel, the core of a computer's operating system, data passes through in a plain, unencrypted form. Within the system, there are powerful protections designed to shield this unencrypted data from being observed or interfered with by outside sources.

Related: What You Need to Know About the Major Flaws Affecting PCs and Smartphones

Yet Meltdown and Spectre techniques are able to get around those protections. Hypothetically, this allows them to observe any actions you take on a computer, such as typing out a password, accessing private information or sending encrypted communications.

Meltdown, specifically, affects Intel processors, and exists as a kind of brute-force attack, breaking through the shield that prevents applications from reaching the kernel memory.

Spectre, meanwhile, affects Intel, AMD and ARM processors. And that means it can affect smartphones, wearables and almost anything with a chip in it; rather than breaking down a barrier, Spectre works by tricking an application into revealing ordinarily protected information.

How they were discovered

Meltdown and Spectre were initially discovered -- and given cute names and logos -- independently by three separate teams operating around the same time. Those team members included Jann Horn of Google Project Zero, Werner Haas and Thomas Prescher of Cyberus Technology, and Daniel Gruss, Moritz Lipp, Stefan Mangard and Michael Schwarz of the Graz University of Technology.

The timing of those discoveries, within mere weeks of one another, seems surprising, given that these bugs had been present for more than 20 years. However, the coincidence actually wasn't that surprising: Many bugs are discovered by multiple teams independently and around the same time, even if they've been dormant but existent for years.

There are many possible explanations, including the fact that multiple teams might be inspired or prompted by the same circumstances and that teams tend to withhold such information until the bug is discovered by others.

Should you panic?

The worst-case scenario is a bad one. If someone has been using Meltdown and Spectre to spy on your devices, they could easily steal your passwords and compromise your data. And, because almost every device in the world is affected on some level by these vulnerabilities, you aren't immune from the possibility.

If hackers got to your device before the bug was discovered, your information may already be compromised.

Even so, there's no reason to panic. There are software patches for both Meltdown and Spectre, which effectively guard against their use. If those patches are applied, you'll be protected from present and future attacks -- though if you've already been affected, there's no way to retroactively undo that damage.

What you should do right now

So what should you do to deal with these vulnerabilities? Four things:

  • Update your devices. Take whatever personal and professional devices you have and make sure they're equipped with the latest OS and software updates. If you have your devices updating automatically, this should have already taken place -- but it never hurts to double check.
  • Keep an eye on your important accounts. Just in case your device was affected before the patches were applied, keep an eye on your most important accounts. If you notice any suspicious activity, report it right away.
  • Change your passwords. As an extra precaution, consider changing your passwords, and choosing strong, multi-character passwords as your replacements.
  • Watch the news. Keep an eye out for more updates in case the story develops.

Meltdown and Spectre were scary because they've taught us a valuable lesson: Security bugs and vulnerabilities can lurk anywhere, sometimes for decades before they're discovered. But these bugs, in particular, are officially squashed -- assuming you've installed the requisite patches.

Related: 'Venom' Vulnerability: Serious Computer Bug Shatters Cloud Security

If you install the latest patches, the only attacks you'll need to worry about are the ones that have already occurred. And if you monitor your accounts carefully, you can respond to any suspicious activity immediately.

Anna Johansson

Freelance writer

Anna Johansson is a freelance writer who specializes in social media and business development.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Growing a Business

How to Determine The Ideal Length of Your Marketing Emails Your Customers Will Actually Read

Wondering how long your marketing emails should be? Here's what consumers say — so you can send them exactly what they like.

Leadership

Tech Overload Will Destroy Your Customer Relationships. Are You Guilty of Using Too Much Tech?

Technology's value in our world is undeniable. However, there can be a point where it is ineffective and possibly counterproductive. See where it can negatively impact your product, brand, and business.

Devices

Clean up Your Mac Software with This $12 Family Plan, for One Week Only

Save on a program that can optimize your company's Mac computers.

Management

Most Gen Z Workers Want This One Thing From Their Employer. Are You Providing It?

Millions of college graduates are entering the workforce, and many feel unprepared. Here's the one thing they're looking for from potential employers — and how providing it will benefit you and your business in the long run.

Operations & Logistics

How to Know It's Time to Add an HR Department

HR activities at startups are often reactive in nature instead of proactive. That leaves gaps in the system.