Is your website secure? Most organizations believe that their site is, but most often that belief rests on assumptions rather than evidence.
One element that many organizations misjudge is time. If we look back over the last century, it is easy to see how physical locks have changed. Most of us would correctly assume that a modern lock would be more secure, and this is generally true. Time tends to corrode security.
Jason Torchinsky calculated in 2013 that “information now travels at 33,480,000 times as fast” as it did 200 years ago. No wonder that the concept of Internet time was coined to address this acceleration.
Given the rate at which we can store and transmit information, and the fact that we live in a civilization that is engaged 24/7 with the Internet, we have to recognize that this affects how we think about cyber security.
Most organizations are not working around the clock, but we can assume that the people looking to exploit them are. Like everything on the Internet, an attack is not limited by physical proximity.
“Hackers” also have become much more organized and aren’t simply geeks in basements. We now have organized crime rings, semi-political groups like Anonymous and even nation states involved in cracking Internet security.
If security is important for organizations, the timeliness of maintaining the security of Internet applications becomes more important than ever. Many organizations are far too bureaucratic and have technology processes that are just too slow.
The Heartbleed bug of 2014 is one of the biggest examples of a newly discovered vulnerability that affected core elements of Internet security and that, if not immediately addressed, would affect millions of transactions online. The timeline of the Heartbleed bug's discovery tells a lot about the global nature of technology and the speed with which people can learn about security exploits. There were no known sites compromised before the bug was publicly announced on April 7, but a week later there were reports of sites with millions of users being compromised.
Simply putting off the update to the organization's next release cycle would have been very irresponsible.
In response to this high severity exploit, the Dutch government has shown leadership in the open source community by funding the development of open-source SSL libraries.
Hackers are becoming more organized and it is becoming easier to track more and more sites for vulnerabilities when they arise.
Websites have become truly mission critical to most organizations, but the security mindset that most organizations have is still tied to the time when the website was just an electronic brochure. For many organizations, it has become the front door to their customer base.
Security requires persistent vigilance, and in this case time is definitely not on your side.