From Neiman Marcus to the Seattle Archdiocese, a quick look at the security breaches from the first half of 2014 has made it clear our enemies are getting stronger and smarter. In this week's SecurityWeek article, Core president and CEO Mark Hatton explains how the security community can fight back.
The beginning of July always marks a turning point. Summer finally feels like it’s in full swing: vacations, BBQs, and summer camps are ramping up, and it provides the perfect time to reflect back on the first half of the year and see how we did and what we should change. Looking back on 2014, I think it’s clear that we can be doing better. And that we need to do better. Here we are, halfway through the year, with a full plate of attacks and breaches. We all know hype has a big role in security, but it’s no exaggeration to say Heartbleed was one of the worst vulnerabilities ever found. It’s clear our enemies are getting stronger, and smarter. But we’re also still opening doors for them. Weak passwords are still the path of least resistance for even the most novice attacker.
We kicked off the year still reeling over the Target breach, an attack that continues to make headlines and led to a CEO stepping down and a CISO stepping up. In January, Snapchat users scrambled to change their passwords and Neiman Marcus shoppers were forced to keep a close eye on their credit card statements. We saw a database attack at the University of Maryland that exposed 300,000 records, eBay’s entire user database was compromised, and even the Seattle Archdiocese had to deal with hackers using the Social Security numbers of employees and volunteers to file fraudulent tax returns. That’s hardly scratching the surface of the attacks so far this year, never mind the countless others that didn’t garner national headlines.
But of course the biggest shock to the security system was Heartbleed. The Heartbleed Bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. We are all aware of the big-name HTTPS-enabled sites and applications such as Google and Facebook that were affected, but the true impact to corporate networks and servers remains to be seen.
To read the complete article, please visit SecurityWeek at: