Over the past couple of weeks, the surfacing of the Heartbleed bug has reinforced the importance of remaining vigilant and of continued outward scanning. This bug has even forced the shutdown of online tax filing at the Canada Revenue Agency, while raising red flags at thousands of organizations globally. And while many have referred to the bug as “a simple flaw”, its ability to grant unsophisticated users access to your sensitive data is something that deserves to be talked about and acted on. Without a doubt, Heartbleed impacts one of the most important assets of any organization – its data – and is just one of the many bugs, flaws, and security threats that conspire to create sleepless nights for many a CTO.
What is Heartbleed?
Heartbleed is a patchable bug that significantly impacts OpenSSL. What is OpenSSL? OpenSSL is a toolkit that allows you to work privately within an online space, particularly when you are doing sensitive work. It protects your private transmitted data from external eyes by implementing Secure Sockets Layer (SSL) protocols, Transport Layer Security (TLS) protocols, as well as full-strength general purpose cryptography. In short, it allows you to transmit information online securely and privately.
While OpenSSL is a very good and secure solution, Heartbleed, a simple bug, has threatened that very notion of privacy. Heartbleed tears the screen off the “private” work that you are doing online, allowing anyone with relatively unsophisticated skills to see the private information that you are transmitting across the web. Essentially, it allows what should never happen to happen. It takes data and information that is private and lifts the curtain on it for the general public.
What can I do about Heartbleed?
So what can you do? Thankfully, many of the Internet and digital providers, including Amazon and Google, have already implemented Heartbleed fixes or sent out recommendations. If you are unsure whether you have been impacted, make it a priority to find out. Regardless of your role in the organization, if you touch data, ask every one of your colleagues whether your data and web properties have been secured. If Heartbleed is an issue and you can’t fix it yourself, reach out to someone who can help you do it.
While Heartbleed has shaken up the digital security world over the past week, it is important to recognize the critical lessons that we can learn from it. This will certainly not be the last threat to data privacy and security. In fact, as more data becomes available and solutions get pushed into the cloud, one can only expect the frequency of these issues to increase. Vigilance is key. Commit to a weekly review of the security of your data assets. Continually educate yourself on the evolving threats that might impact your business or industry. And get the help you need to categorize, evaluate, and act on emerging threats and issues. These actions will help you to ensure that your business and its precious data are truly protected.