Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Hearts Continue to Bleed – Heartbleed One Year Late

Executive Summary – “Using the recently released Venafi TrustNet certificate reputation service, the Venafi Labs team re-evaluated SSL/TLS vulnerabilities in Q1 2015 and found that most Global 2000 organizations have failed to completely remediate Heartbleed—now a full year after the vulnerability was first publicly disclosed. This leaves these organizations vulnerable to cyberattacks, future brand damage, and intellectual property loss. In one oft-cited incident, Community Health Systems was breached by the Chinese APT 18 group, who exploited incomplete Heartbleed remediation and unprotected keys to steal data on 4.5 million patients. When the Heartbleed vulnerability was disclosed in April 2014, many organizations scrambled to patch the bug, but failed to take all of the necessary steps to fully remediate. As of August 2014, 76% of the Global 2000 organizations with public-facing vulnerable systems were still vulnerable, failing to fully remediate based on specific guidance from Gartner and other industry experts. 3 out of 4 Global 2000 with public-facing systems vulnerable to Heartbleed are still open to breach. Unfortunately little progress has been made to complete remediation and remove the threat. As of April 2015, 74% of the Global 2000 with public-facing vulnerable systems are still vulnerable. That’s only a 2% improvement in 8 months, still leaving almost 3 in every 4 of these companies open to breach. Action remains needed and should be taken to find and replace affected private keys. Ponemon Institute research that surveyed over 2,300 IT security professionals echoes this reality: 60% of participants agreed their organization needs to better respond to vulnerabilities involving keys and certificates like Heartbleed.”
