It’s been over two weeks since the world got to know that websites online were vulnerable due to the OpenSSL Heartbleed vulnerability. By now, most website owners would have mitigated this risk by implementing the right security fixes in place and users would have updated their passwords across these websites. So, can we say all is well? No. Not so soon.
Firstly, it is still too early to say how much of a negative impact the Heartbleed vulnerability has caused to organizations. The first confirmed victims are reportedly Canada’s tax agency and a UK parenting site.
Secondly, our analysis has proved that some websites have been slower to implement the latest internet technologies, hence as a result was saved from this exposure. However, organizations cannot stay backward in technology for too long, else the vulnerabilities will catch up to them and they will get exploited, if not today, then sometime in the future.
Organizations will need to take stock of the versions of internet technologies in use. If they do not have the latest versions in place, then check which of the latest versions are the most stable and work with their IT departments/partners to implement them over the next few months. While this is happening, it will be good to have the right security tools in place and perform continuous website security checks that will share regular security updates to the business owners. Here are some recommendations which will help in achieving this:
Founder & Chief Marketing Officer, Indusface
Venky has played multiple roles within Indusface for the past 6 years. Prior to this, as the CTO @indusface, Venky built the product/service offering and technology team from scratch, and grew it from ideation to getting initial customers with a proven/validated business model poised for scale. Before joining Indusface, Venky had 10+ years of experience in security industry and had held various mgmt/leadership roles in Product Development, Professional Services and Sales @Entrust.