When the so-called “Heartbleed” security bug was discovered in spring 2014 it was described as one of the biggest risks to online consumer data in years. However, it didn’t take long for concerns about Heartbleed to be overshadowed by worries about a new computer-based vulnerability, the software bug known as “Shellshock.”
Experts warn that the programming flaw, which came to light in September 2014, could affect hundreds of millions of computers, smartphones and other devices, The New York Times reported.
The perils presented by Heartbleed and Shellshock serve to spotlight the “grim picture” painted by a major cybersecurity report.
According to the Cisco 2014 Annual Security Report, almost 1 million additional cybersecurity professionals are needed worldwide to monitor and secure online networks. Meanwhile, hackers appear to be seeking to infiltrate networks and systems through the use of so-called “uberbots,” which deliver spam and malware to “high-reputation and resource-rich assets.”
“Simple attacks that caused containable damage have given way to organized cybercrime operations,” the report found.
The continuing shift toward the use of cloud computing is also straining the ability of businesses and organizations to safeguard their data.
Among Cisco’s other findings:
Although not malware or a virus, the Heartbleed bug left websites and email servers potentially vulnerable to the theft of encrypted personal information, such as passwords and Social Security numbers.
With organizations facing significant and evolving cybersecurity challenges, the Cisco report outlined a series of recommendations to protect against hackers and other cyber criminals. Among the measures: review existing security systems to better understand where threats and vulnerabilities exist; verify the trustworthiness of technology and technology vendors; and unite security operations with an organization’s overall goals and objectives.
“All organizations should be concerned about finding the right balance of trust, transparency, and privacy because much is at stake,” the Cisco report noted.