Broken Chips Sink Ships: Tiny cracks can sink the security of your credit union.

Printed brain onto circuit board

 

Good intentions with flawed results.

 

Intel – if you’ve been following the recent security announcements, some specific performance enhancements in computer chips are becoming points of weakness, creating significant security issues. While original vulnerabilities were discovered in 2018, various flaws continue to be discovered well over a year later, and our tech world continues to apply software patches to address the vulnerability in the hardware design.

 

“One near certainty is that there will be a continuing stream of speculative execution side-channel vulnerabilities found now that academia has discovered the category of issues that exists as part of the CPU architecture,” Curtis Franklin Jr. wrote on his May 15th article, New Intel Vulnerabilities Bring Fresh CPU Attack Dangers.

 

Why are CPUs such a big deal? These Central Processing Units determine how fast your computer thinks. When applied specifically to credit unions, two lesson emerge in tech strategy:

 

First, it’s vital to design with security in mind when creating, architecting, and implementing new, or improving existing, technology systems.

 

Credit Unions are not designing server processor hardware, and many are not designing full software programs, but do regularly decide how software and data integrates and flows between systems. It is only responsible to implant both software and hardware into tech environments in safe and secure ways, assuming responsibility for the seamless transactions between multiple programs while simultaneously protecting private member data. Data, system, network strategies, and methodologies have never been a higher priority to the survival of your credit union.

 

Physical, virtual, and cloud components, aligned either directly in-house or through a service provider, create the conglomerate of prime efficient infrastructure. To ultimately serve the mission of the credit union, while adding value to the membership and business structure itself, the network, security framework, server environment, desktop environment, and user environments converge at the critical intersection of security and design. Striving for optimum performance that quickly meets business needs must not cannibalize best practices and safe, secure, architecture design.

 

The second lesson is simply, security risk is dynamic and consistently fluid. Constant revisiting, retesting, and re-evaluating all variables from technology to security are core components of basic data health and system functionality.

 

Whether it’s a new software update, a configuration mistake, or a user with an unintended use, environments require a second look. Taking full advantage of patches, fixes and updates is a simple yet effective first move. When the time comes for adding a new system or making a significant change, this signals an opportunity to strengthen the technological ecosystem. Leadership roles adopt an ongoing obligation to evaluate underlying architectures, ensuring both credit union and member data is as safe and secure as possible.

 

These chips are tiny yet powerful, don’t let a small weakness sink your enterprise, and starting the conversation is easy with:

 

  • Can we simplify our digital footprint while reducing points of potential failure and compromise?
  • Are we following our security-first, technical roadmap and holding to our plan and security frameworks?
  • Is the underlying design of our environment sustainable, secure, while providing value to the credit union?

 

The manipulation of a single variable alters the larger picture, and it is this macro lens which becomes the compass in aligning our technological strategy with the perils and duty of data security.

 

 

 

To read the entire article referenced in this blog, please visit https://www.darkreading.com/vulnerabilities---threats/new-intel-vulnerabilities-bring-fresh-cpu-attack-dangers-/d/d-id/1334728

 

For more information on the Pure IT strategic roadmap and gap analysis process, please visit https://pureitcuso.com/about-pure-it/. 

 

0 Comments