Global rules-based framework needed for response to cyber threats

IT didn't take long for the year's first major cyber threat to surface. Different teams of researchers around the globe found that all modern processors can be attacked by techniques that have been dubbed Meltdown and Spectre. These vulnerabilities allow a potential hacker to access the innards of a computer's operating system to ferret out crucial data such as passwords and encryption keys.

Around the mid-1990s, chipset design engineers decided to concentrate more on performance than security. Because of the choice made then, these fatal flaws in computer chip security have surfaced in the form of these two vulnerabilities. According to research agency Forrester, Meltdown is an Intel-processor-specific vulnerability which allows unauthorised access to the core memory of computers. Spectre is not vendor-specific and nearly all modern processors have this fatal flaw.

While Meltdown can be tackled with high-priority patching which most companies have begun to roll out, Spectre is much harder to fix, requiring with is known as microcode fixes to the processor. Forrester says this may affect the performance of chipsets. Despite the severity of the flaws, regular users of computers need not worry as there is, as yet, no known exploitation of these two vulnerabilities. As advised by SingCERT, the best solution is to update the firmware when prompted.