Heartbleed Lives On

While many enterprises have already updated their critical infrastructure to address the Heartbleed bug – one of the most sophisticated vulnerabilities the digital landscape has witnessed in years – a major portion of the Internet still remains vulnerable to the threat.



Internet security company Sucuri scanned the top one million websites (determined by Alexa ranking). When the Heartbleed vulnerability was discovered, 600,000 systems were vulnerable according to the scan. A month later, the firm found that half of the systems had been patched and only 318,269 remained vulnerable… remarkable progress.

But here’s the kicker: over two months after Heartbleed surfaced, the firm scanned the web again and discovered that 309,197 websites were still vulnerable. That’s a mere improvement of three percent. The firm also expects thousands of critical systems to remain susceptible to the vulnerability even after a decade.

Also, the analysis by Sucuri didn’t examine how many websites updated their encryption keys and SSL certificates, which is a required step in fixing the vulnerability. The results on that count could be worse, and it means the vulnerable websites are open to being tricked into spilling out personal information, such as credit card numbers and passwords.

How can you protect yourself against the vulnerable sites, you ask? The best option is to follow the same security best practices that were suggested at the time of Heartbleed’s discovery. The following are some of the recommended measures:

Changing passwords

The latest report indicates users should still consider changing their passwords for added safety. By changing passwords, you would also be modifying authorization tokens that may have been compromised on one of the smaller websites.

Enterprises can also implement a company-wide password change to be on the safe side. Additionally, you can use the Heartbleed checker; it lets you know if a particular website is vulnerable or not.

Implement monitoring practices

Real-time monitoring is one of the most powerful weapons available against vulnerabilities like Heartbleed. Companies can take advantage of both internal monitoring systems and external monitoring services.

Look for an external monitoring solution that provides proactive insights on adversary attempts, because such a deployment can point to the best course of action for mitigating and neutralizing sophisticated cyber vulnerabilities. Real-time internet monitoring is also a great way to protect your reputation by intercepting security threats to your cyber identity when it matters the most.

Utilize two-factor authentication

Even after resetting passwords, weak website links can still be leveraged by hackers to gain access to your sensitive information. Two-factor authentication makes it next to impossible for attackers using the Heartbleed vulnerability to access your personal information. Why? They would need your smartphone/tablet/any gadget you use as a second device to access your accounts.

Major websites already provide two-factor authentication services, but you should aim to use the option on smaller websites whenever possible. While it’s a hassle to enter two passwords, it makes a big impact on your cyber security.

Though you may not have been a victim of the Heartbleed vulnerability, it is still important to take steps to ensure security, as websites are patching their systems at a slow pace.