Breakout

Cybersecurity: Heartbleed bug drives home the need for more protection

Remember the holiday hack at Target (TGT), which stole information on as many as 40 million credit and debit card customers and personal information on 70 million more, or the hack that fall at luxury retailer Neiman Marcus involving more than a million credit cards?

Now there's a lot more for you to worry about. Security experts have recently discovered a computer bug called Heartbleed that exposes a popular security protocol known as SSL to a possible major breach. Your personal information such as passwords, credit card information and social security number could potentially be stolen. It's as if you thought you closed the door to your home so no one could get in but actually left it slightly ajar.

Initially it was thought the bug would affect only Internet servers but the latest reports indicate Heartbleed could impact routers, switches and firewalls, even personal mobile devices and printers if they're connected to the Internet.

Major websites like Yahoo (YHOO), Facebook (FB) and Google (GOOG), as well as Cisco (CSCO), are working on the problem, but you should too. At a minimum, security experts advise consumers to monitor their online transactions closely, looking for any breaches, and update passwords.

Heartbleed is just the latest technology threat to consumers. Last week The New York Times reported a computer breach at a big oil company--which remains unnamed--that came through ... wait for it ... a Chinese takeout menu. A Chinese takeout menu! When workers at the oil company read the online menu, hackers who had infected it gained access to the company's computer network.

One very vulnerable sector is the U.S. power grid, which underpins everything, says Stephen Boyer, the chief technology officer and co-founder of BitSight Technologies, which advises companies on how to reduce cybersecurity risks.

"The retail sector certainly took a big hit. The energy power generation upon which we all rely is an area of concern. If it were to lose power what are all the other things that would follow on?" asks Boyer. BitSight last year graded the cybersecurity of the energy sector below that of retail.

Some examples of such power grid breaches: Central Hudson Gas and Electric in Poughkeepsie, New York, last year reported that hackers accessed as many as 110,000 customer accounts, and Telvent Canada Ltd, a Canadian energy firm, reported the theft of project files in September 2012.

Another vulnerable area for cybersecurity breaches, according to Boyer: the government itself. A report commissioned by the Republican staff of the Senate Homeland Security and Government Affairs Committee recently found that hackers had "penetrated, taken control of, caused damage to and/or stolen sensitive personal and official information from computer systems at the Department of Homeland Security, Justice, Defense, State, Labor, Energy and Commerce, NASA, the Federal Reserve, Commodity Futures Trading Commission, FDA" and more.

The report also found that hackers broke into the federal Emergency Broadcast System and the U.S. Army Corps of Engineers, that the Nuclear Regulatory Commission stored sensitive cybersecurity details for nuclear plants on an unprotected shared drive and that the SEC exposed sensitive data about its networks supporting the NYSE including the exchange's cybersecurity measures.

"We're relying on the government to provide certain services and it's also certainly vulnerable along with the power grid," says Boyer.

He advises that the government and corporations look to "patterns of success" in cybersecurity for guidance. Chief among those: the financial industry. It's been performing the best when it comes to cybersecurity, says Boyer. "Cybersecurity is a board level [and] executive level issue and they've been managing risks longer. They've had people trying to rob banks for quite a while."
