Connecting to LinkedIn...



What has Heartbleed taught us?

7/05/2014 by


The impact of the Heartbleed bug – an OpenSSL vulnerability that affected more than 500,000 websites – is one of the most far-reaching security breaches in recent times.  The fact that one of the most fundamental backbones of internet security has been dealt a severe blow is undeniable.

On the heels of the Heartbleed fallout, many businesses were left scrambling for an information security solution that would work and remove the risk of future vulnerabilities.  Is hindsight really 20-20?  What have businesses learned?

Upgrade is essential

 The Heartbleed bug is actually a vulnerability in OpenSSL that allows sensitive information to be scraped from the servers; therefore, many IT security teams have been forced to upgrade to OpenSSL 1.0.1g or higher.  The true impact of the risks from the Heartbleed bug may not be fully realised for months or years, however, simply because it has actually been around for years.

The bug is not very fast – only 64 kilobytes of data can be transferred at a time – but there is a real risk that sensitive and private data has already been compromised.

Encryption mechanisms

 One of the key lessons to be learned from the Heartbleed fiasco is to implement layered encryption mechanisms to protect data.  Those IT departments that relied solely on OpenSSL as their encryption solution were at the highest risk.  Multi-layered encryption mechanisms are more complex and should be used on all digital media devices, including those in hard disk RAID environments.

Proactive security audits are also an integral part in mitigating future risk.  Keep an eye on the security mechanisms used at every level of the public and private facing network and remember that nothing is ever completely secure.  Understanding that information security is an ever-evolving phenomenon is essential.

Proper auditing procedure

 A disconcerting aspect of the Heartbleed bug is that there is no way of telling if a particular service has been exploited or attacked.  There are no logs and no signs of intrusion, which may be why it took so long for the bug to be fully publicised.  There really is no way to tell if any sensitive data has been leaked or hacked.

IT professionals taking action in response to Heartbleed should consider the level of security required for certain data; for example, does the data require one or more layers of protection?  When dealing with personal data, it may be best to err on the side of caution.

The sheer fact that businesses may never know whether their customers’ data has been leaked or stolen should foster the motivation to beef up security efforts by using multiple layers of encryption and proper auditing mechanisms whenever possible.

Written by Montash.

We are hosting a Cyber Security Breakfast Briefing with Mandiant, a FireEye Company on Thursday 15th May 2014, 8am – 10am at Grand Connaught Rooms, Holborn, London. Entries are priced at £20, with all proceeds going to Groundwork Charity.

We would like to take this opportunity to invite you to attend this event.

The briefing will be an open discussion forum for top cyber security experts to discuss the latest threats that companies face and how best to combat them. The forum will highlight the potential cyber threats that target businesses on a large scale and will examine the crossover of security risks in both the real world and cyber world.

Montash is a multi-award winning, global IT recruitment firm. Specialising in permanent and contract positions across mid-senior appointments which cover a wide range of industry sectors and IT functions, including:

ERP, BI & Data, Information Security, IT Architecture & Strategy, Scientific Technologies, Demand IT and Business Engagement, Digital and E-commerce, Infrastructure and Service Delivery, Project and Programme Delivery.

With offices based in London, Montash has completed assignments in over 30 countries and has appointed technical professionals from board level to senior and mid-management in permanent and contract roles.

For more information please visit

comments powered by Disqus

Social Stream

Latest News


What are your career resolutions for 2017?

2017-01-16 09:00:00 +0000

The new year is traditionally a time to make resolutions for personal growth, but how about for your career? Setting goals is important because they provide a map for your career, helping you to organise your time, effort and resources on getting where you want to be. On a broader scale, having obtainable objectives can increase your job satisfaction, boost your self-esteem and improve your overall wellbeing. So, let’s take a look at the resolutions tha...


Business Intelligence trends for 2017

2017-01-13 11:00:00 +0000

Business Intelligence (BI) has evolved a lot in recent years, with most experts understanding that it is now far more than just data reporting. There remains a role for data scientists to play when it comes to analysing information, but it’s also increasingly important for every employee in a firm to be able to not only access data but also analyse it. During 2016, there was a wave of new self-service analytical tools developed across sectors, enabling ...