Exactly 1 year back, the OpenSSL bug named Heartbleed created havoc in the world of internet. Many remedies and preventive measures were suggested to get rid of this bug. A number of ways to tackle this bug were also suggested by several browsers.
Heartbleed, the risk continues
However, recent evaluation done by Venafi, a provider of Next Generation Trust Protection, reveals that the risk of attacks by this bug still continue to haunt the world. Venafi re-evaluates these risks of attacks that exploit incomplete Heartbleed remediation in Global 2000 organizations.
Venafi’s this analysis was done using Venafi TrustNet, a cloud-based certificate reputation service. Venafi TrustNet offers protection from growing threat of attacks that misuse cryptographic keys and digital certificates.
During the analysis, Venafi Labs discovered that nearly 85% of Global 2000 organizations’ external servers remain vulnerable to cyber attacks due to this deadly bug called Heartbleed. In other words, 3 out of 4 companies are vulnerable to the danger caused by Heartbleed. This is really alarming situation as most of the companies remain defenseless to avoid any losses caused by Heartbleed.
Venafi mentions the reason behind the continued terror of Heartbleed:
“When the Heartbleed vulnerability was discovered in April 2014, many organizations scrambled to patch the bug, but failed to take all of the necessary steps to fully remediate their servers and networks.”
Jeff Hudson, CEO of Venafi says,
“A year after Heartbleed revealed massive vulnerabilities in the foundation for global trust online, a major alarm needs to be sounded for this huge percentage of the world’s largest and most valuable businesses who are still exposed to attacks like those executed against Community Health Systems. Given the danger that these vulnerabilities pose to their business, remediating risks and securing and protecting keys and certificates needs to be a top priority not only for the IT team alone, but for the CEO, BOD, and CISO.”
It is certainly a situation to worry as a Heartbleed remains as powerful as it was one year back. It will be interesting to see what kind of security methods will be accepted worldwide to combat Heartbleed.