Can Your IT Staff Handle a Major Security Breach?

In 2014, businesses learned about a security vulnerability that could jeopardize their internal documents and their customers’ personal and financial information. The Heartbleed bug was unique, in that it wasn’t a virus that inflicted a single, obvious attack that could be easily identified. Instead, it leaked security keys, passwords, content, historical data – all kinds of information that could open the door to hackers everywhere.

One year later, and three out of four businesses are still at risk of being harmed by the Heartbleed bug. That’s why IT departments should be working quickly to identify and remediate vulnerabilities.

Follow the steps

Erik Heidt, research director for Gartner, recommended three steps for safeguarding against Heartbleed. But he noted that some IT departments were being “lazy” and simply rotating certificates, instead of creating new ones. If hackers have access to your encrypted traffic, you need to start over – rotating certificates won’t protect you.

Alarming statistics

On June 8, cybersecurity company Venafi released the results of its 2015 RSA Conference survey. The results show that many IT professionals are lacking the knowledge needed to defend against a Heartbleed-style attack. The survey found:

• Only 8 percent of respondents would replace compromised keys and certificates, following a breach

• Only 43 percent of respondents said they were using a key management to protect keys and certificates

• 38 percent of respondents either don’t know how to detect or can’t detect compromised keys and certificates

• 64 percent of respondents said they would not be able to respond to attack on SSH keys within 24 hours

SSH keys are how virtual servers identify trusted remote computers, and they never expire. Criminals who are able to access your SSH keys could infiltrate and control your systems until such time they are detected.

Testing and training

One way to test your vulnerability is to try to hack into your own system from the outside. That’s what Finnish security company Codenomicon did last year. Codenomicon – the firm that discovered Heartbleed – found it could hack its own services externally and steal sensitive information.

Companies that want to defend against sophisticated attacks would be wise to pay for additional training for their IT security professionals. You can find plenty of training opportunities that will help your staff react quickly to a data breach.

Lifeline Data Centers has the expertise to detect hacker infiltration and act immediately to remedy it. That’s why so many businesses – including medical organizations – trust us to keep their data secure. Schedule a tour today, or give us a call to ask how we can help you.

Other resources:

• Infographic: The 22 Data Center Compliance Acronyms You Need to Know
• White Paper: Why Data Center Compartmentalization is Important
• Lifeline One Sheet: What You Need to Know About Lifeline Data Centers

Rich Banta

Managing Member at Lifeline Data Centers

Rich is responsible for Compliance and Certifications, Data Center Operations, Information Technology, and Client Concierge Services. Rich has an extensive background in server and network management, large scale wide-area networks, storage, business continuity, and monitoring. Rich is a former CTO of a major health care system. Rich is hands-on every day in the data centers. He also holds many certifications, including: CISA – Certified Information Systems Auditor CRISC – Certified in Risk & Information Systems Management CDCE – Certified Data Center Expert CDCDP – Certified Data Center Design Professional