The recent Heartbleed bug brought pertinent security issues to light. Multiple security redundancies are not preferable when combating ransomware; they are necessary. Victims of ransomware such as Heartbleed have already jeopardized numerous types of server security. Heartbleed has prompted widespread public awareness announcements for webmasters, IT experts, and almost every person who owns a smartphone.
Vulnerabilities and Credit Card Theft is the Norm
According to Forbes, 1 in 20 Americans have been victims of identity theft. Stolen credit card information is not news to the average consumer, and major banks have implemented credit card fraud departments in order to mitigate damages. Numerous Americans are fairly comfortable with addressing fraudulent charges on credit cards after information has been stolen by hackers, such as the fiasco in which sensitive credit card data was stolen from Target in November 2013. Malware was installed on Target’s (TGT) security system, and data from every credit card transaction in every store was compromised. In large part, loyal Target shoppers asked for new cards and went on with their shopping.
The most surprising nature of the largest retail heist in history was its rudimentary nature. The malware was installed, and no one seemed to notice anything was amiss for months. Advanced ransomware was unnecessary. The hackers were in charge of the retail giant’s servers, and they waited for credit card data from holiday shopping to roll in. The entire to-do cost Target millions and counting.
Heartbleed Gave People a Reality Check
Perhaps the countdown clock and direct extortion methods made people pay attention to substantial vulnerabilities in servers, or perhaps losing all sensitive data gets public attention. Cisco Systems identified 75 products as vulnerable to Heartbleed, including video conferencing systems and IP phone systems. A study published by GitHub suggests vulnerabilities on highly viewed sites such as DuckDuckGo, Slate, Imgur, and Yahoo! Hundreds of other services and sites strongly suggested users change all passwords as soon as possible. GitHub was also attacked by Heartbleed.
Google’s reputation for having top-tier security was disparaged by Heartbleed. Google servers were hit. The web giant reported it assessed SSL vulnerability and applied patches to crucial Google services, which include Gmail, YouTube, and other major Google products.
Security Increases in Big Data Storage for U.S. and Foreign Federal Government Agencies
It is difficult to pinpoint the exact number of big data storage systems that have taken active security measures to protect sensitive information from Heartbleed. There is a notable increase in awareness, especially for government and military entities. However, it is difficult to trust that an entity that cannot create a fairly straightforward healthcare website can swiftly implement comprehensive security solutions for ransomware.
A recent study conducted by the Washington Post suggests 9 out of 10 emails opened by National Security Administration workers were sent from the public, not terrorists. The NSA successfully intercepted Heartbleed before the bug was announced to the public. However, smaller government organizations have not taken advanced measures to protect sensitive data from ransomware.
The United Services Automobile Association and healthcare.gov reported Heartbleed bug attacks and encouraged users to change passwords as a safety precaution. Additionally, the Canadian Revenue Agency was shut down as well as a number of smaller Canadian government agencies due to concerns about Heartbleed.
Sensitive Enterprise Financial Data and Security Risks
One of the most prominent issues with sensitive financial data is user error. Sensitive data can easily be jeopardized without any server vulnerabilities. The rise in portable and mobile electronics have made it easy for a smartphone left in the back of a cab to become a major security threat for publically traded companies. Server security is only one element in comprehensive data storage and management. Ransomware like Heartbleed can easily be used for extortion in a variety of contexts; it’s not always as straightforward as a user haphazardly opening a shady email.
Financial giants American Funds and Venmo were both hit. However, American Funds quickly remedied issues. Users that logged on to the site americanfunds.com between December 12, 2013 and April 14, 2014 are at risk. Venmo reported it is still working to address various vulnerabilities.
How to Keep Servers Safe From Heartbleed
Companies that used servers listed that have announced Heartbleed bug attacks should take additional precautions. A compiler could compromise security for sites and data stored on servers that were not directly attacked by the Heartbleed bug. After all, basic C and C++ coding can create substantial security holes. In essence, it does not particularly matter if open source software or propriety code is used. In short, the increasing number of users on embedded networking systems such as the Internet make comprehensive server security interesting, to put it mildly.
When data cannot reasonably be kept safe on servers, the next best course of action is to implement multiple redundancies on cloud-based hosting solutions as well as servers that are not connected to the Internet. Although it might sound archaic, old-fashioned server rooms and hard drives that do not rely on any Wi-Fi networks are one of the easiest ways to keep archives of pertinent data.
What Still Needs to Be Done?
The online security community has been met with a conundrum. Blacklisting is considered too reactive, and it could cause more harm than good. Similarly, whitelisting is not considered practical due to the scope of online users. Experts suggest developing standardized systems for all web activities in order to quickly identify vulnerabilities and implement appropriate security patches.
Currently, security is largely jeopardized due to the juxtaposed nature of online activities. Trying to target individual vulnerabilities that quickly spread to uneducated users has resulted in the current state of online security breaches. End users and IT experts are not always particularly proactive due to lack of education or fear of poor publicity. A standardized online framework would decrease the ability for extortion and theft of sensitive data to occur in the first place. Also, it would not take months to react to large breaches. Cybercrime will likely always occur on some level, but its impact can be mitigated substantially.
Top image ©GL Stock Images