Connecting to LinkedIn...

W1siziisijiwmtuvmdqvmtuvmdgvntqvmzgvnzi1l01ptlrbu0hfqkxpr19vtljftkrfukvex0lnqudfx3jlc2l6zwrfyw5kx3jlbmrlcmvklmpwzyjdlfsiccisinrodw1iiiwimtkymhgxmjuwiyjdxq

Blog

What has Heartbleed taught us?

7/05/2014 by

W1siziisijiwmtqvmtavmjgvmtuvndivmzavnjmvzmlszsjdlfsiccisinrodw1iiiwinjawedqwmfx1mdazzsjdxq

The impact of the Heartbleed bug – an OpenSSL vulnerability that affected more than 500,000 websites – is one of the most far-reaching security breaches in recent times.  The fact that one of the most fundamental backbones of internet security has been dealt a severe blow is undeniable.

On the heels of the Heartbleed fallout, many businesses were left scrambling for an information security solution that would work and remove the risk of future vulnerabilities.  Is hindsight really 20-20?  What have businesses learned?

Upgrade is essential

 The Heartbleed bug is actually a vulnerability in OpenSSL that allows sensitive information to be scraped from the servers; therefore, many IT security teams have been forced to upgrade to OpenSSL 1.0.1g or higher.  The true impact of the risks from the Heartbleed bug may not be fully realised for months or years, however, simply because it has actually been around for years.

The bug is not very fast – only 64 kilobytes of data can be transferred at a time – but there is a real risk that sensitive and private data has already been compromised.

Encryption mechanisms

 One of the key lessons to be learned from the Heartbleed fiasco is to implement layered encryption mechanisms to protect data.  Those IT departments that relied solely on OpenSSL as their encryption solution were at the highest risk.  Multi-layered encryption mechanisms are more complex and should be used on all digital media devices, including those in hard disk RAID environments.

Proactive security audits are also an integral part in mitigating future risk.  Keep an eye on the security mechanisms used at every level of the public and private facing network and remember that nothing is ever completely secure.  Understanding that information security is an ever-evolving phenomenon is essential.

Proper auditing procedure

 A disconcerting aspect of the Heartbleed bug is that there is no way of telling if a particular service has been exploited or attacked.  There are no logs and no signs of intrusion, which may be why it took so long for the bug to be fully publicised.  There really is no way to tell if any sensitive data has been leaked or hacked.

IT professionals taking action in response to Heartbleed should consider the level of security required for certain data; for example, does the data require one or more layers of protection?  When dealing with personal data, it may be best to err on the side of caution.

The sheer fact that businesses may never know whether their customers’ data has been leaked or stolen should foster the motivation to beef up security efforts by using multiple layers of encryption and proper auditing mechanisms whenever possible.

Written by Montash.

We are hosting a Cyber Security Breakfast Briefing with Mandiant, a FireEye Company on Thursday 15th May 2014, 8am – 10am at Grand Connaught Rooms, Holborn, London. Entries are priced at £20, with all proceeds going to Groundwork Charity.

We would like to take this opportunity to invite you to attend this event.

The briefing will be an open discussion forum for top cyber security experts to discuss the latest threats that companies face and how best to combat them. The forum will highlight the potential cyber threats that target businesses on a large scale and will examine the crossover of security risks in both the real world and cyber world.

Montash is a multi-award winning, global IT recruitment firm. Specialising in permanent and contract positions across mid-senior appointments which cover a wide range of industry sectors and IT functions, including:

ERP, BI & Data, Information Security, IT Architecture & Strategy, Scientific Technologies, Demand IT and Business Engagement, Digital and E-commerce, Infrastructure and Service Delivery, Project and Programme Delivery.

With offices based in London, Montash has completed assignments in over 30 countries and has appointed technical professionals from board level to senior and mid-management in permanent and contract roles.

For more information please visit www.montash.com

comments powered by Disqus

Social Stream

Latest News

W1siziisijiwmtcvmdqvmjqvmtqvmzqvmzuvnjg3l3nodxr0zxjzdg9ja182mdq2otc5nziuanbnil0swyjwiiwidgh1bwiilcizodb4mtawiyjdxq

What Does A Snap Election Mean For Recruitment?

2017-04-25 08:00:00 +0100

On Tuesday 18th April, Prime Minister Theresa May called a snap general election for 8th June, taking the nation by surprise. Rather than waiting until 2020, voters will now be casting their ballots in a matter of weeks. The hope for the government is that a Tory victory give the prime minister a strong mandate in parliament as Brexit negotiations begin. This sudden decision has been embraced by many in the recruitment industry due to the anticipated st...

W1siziisijiwmtcvmdqvmtkvmtuvndivntgvnjcyl3nodxr0zxjzdg9ja18xmja3mdi1ndcuanbnil0swyjwiiwidgh1bwiilcizodb4mtawiyjdxq

Evolve or Die: The Importance of Being Agile

2017-04-19 18:00:00 +0100

In the high-speed world of IT, agility is essential if you want to stay on top. Over the last 20 years, Montash Managing Director Roy Dungworth has experienced many changes in the industry. But two things never change - the need for business agility and the importance of people. Roy shares his insights after two decades in the industry. The pace of the IT industry increases every year. The way people buy or consume information today is having an enormou...