11 April 2014
This week has been another example of the escalating seriousness of cybercrime. The chaos surrounding the Heartbleed bug goes to show that nobody is immune to the risk it poses – even the FBI, whose website was on the list of affected organisations.
The security vulnerability in OpenSSL software allows hackers to grab memory from a server and view details that would otherwise have been encrypted. We’re talking passwords, addresses and user names here. This isn’t just an issue for the techies amongst us, as I’ve had to explain to a few people this week; it’s a potential issue for all web users.
Whilst not all sites were running the affected version of the encryption software, a large proportion were and, because attacks would leave no trace, there’s no easy way to find out whether the vulnerability has been exploited or not! My advice to businesses for now is to regenerate your SSL certificates, as private keys could have been leaked. Check you have updated OpenSSL and maybe take the opportunity to apply all outstanding operating system updates during a maintenance period.
The question this latest bug raises is whether, as a country, we’re adequately prepared for online crime. Personally, I’m not convinced that we are. Whilst there have been steps in the right direction, I think it’s fair to say that more could be done. I saw a report yesterday that claimed only three police forces across the UK had comprehensive cybercrime plans in place.
So if the face of crime is changing, we need not just to change with it, but to stay one step ahead of it. How do we go about getting up to speed? Let’s get a discussion going here. What are your thoughts?