Remember back in April 2014 when it seemed like every single company with a user sign-in system freaked out because of a severe OpenSSL vulnerability that put all of our passwords at risk? Well unfortunately, the threat is still very real for thousands of businesses that are still using unpatched servers. This leaves organizations wide open for malicious exploits, which can put the confidential information of your clients and companies at risk. And just who is raising these red flags and sounding the digital alarms? IBM is responsible for these data reminders with their recent Threat Intelligence Quarterly report.
Don’t Underestimate Heartbleed
Think that this is old news or an outdated threat? The Threat Intelligence report reveals that IBM’s managed security services reported all-time highs of 3.47 attacks each second. The largest spike of attacks in a 24-hour period occurred in mid-April, with over 300,000 daily attacks. These astonishing numbers show how relentless malicious parties can be when it comes to digital vulnerabilities. If a server remains unpatched against Heartbleed, then it’s just a matter of time before this opening is exploited.
Crack Down on Assets
If your company becomes a victim of the Heartbleed vulnerability, will your company be able to quickly identify the data that has been compromised? Managing your data assets is a critical business practice that will help you during disaster recovery and hacking scenarios. Your IT department should have a firm grasp on where data is kept and how it is backed up. Heartbleed isn’t your company’s only problem. Your IT department should be prepared for any attempt at data theft or destruction.
Check with Your Hosting Service
Many website service providers released detailed reports regarding their server patch statuses once news about Heartbleed hit the wires. Your IT department should contact your business website hosting platforms to ensure that these patches have been unrolled across all relevant servers. If your hosting service is unable to verify that the Heartbleed vulnerability has been addressed, then speak with your IT leaders to brainstorm alternative services. Your company shouldn’t have to pay for the mistakes of a third-party host.
Pay Attention to Continuing News
Heartbleed was a scary and eye-opening reminder that a single common vulnerability could put thousands of companies and customers at risk. Stay informed about the latest Heartbleed news by following tech industry news sources. Adjust your data asset and security plans accordingly.
Inform Your Customers
Even if your own servers haven’t been compromised by the Heartbleed bug, it did affect the users of many popular online services. If a malicious party has gotten ahold of a customer’s account information, then the same credentials could be used to access the services your company provides. Remind your online customers to stay on top of periodic password changes and let them know that your company is taking proactive steps to avoid future security vulnerabilities.
Heartbleed demonstrates the potential risks of running outdated online technologies. Unfortunately, the IBM report illustrates that many servers remain unpatched and still vulnerable to exploits. Your organization can brace itself against future attacks by ensuring that its servers are patched, keeping up-to-date with security news, and informing your customers of password best practices.