Managing information security amid new threats: A guide for CIOs
A comprehensive collection of articles, videos and more, hand-picked by our editors
Ever find yourself day dreaming (or nightmare-ing) about the demise of the Internet? Life without Google Maps, Wikipedia, online banking, texting over Wi-Fi … without your company's website? Welcome to the day-and-nightmare of the "Heartbleed" bug.
This week, as headlines 'round the world announced, a defect was discovered in one of the Internet's key security methods, OpenSSL, forcing two-thirds of all websites -- that probably means yours -- to consider changes to protect the security of consumers. The so-called heartbeat protocol -- responsible for encrypting online sessions and connecting consumer devices in homes, offices and industrial settings to websites -- is now tainted by the Heartbleed bug.
The information leaked from Heartbleed varies on a case-to-case basis -- as does the advice on how to respond to it. Security experts initially advised consumers to wait for sites to announce that they have dealt with the issue before rushing to change their passwords. That is not the case for IT leaders, who are advised to assume their companies' systems have been infected. Highest priority should be given to systems open to the Internet.
If you are not already in a sweat over Heartbleed, consider this: MIT Technology Review reported that the bug could live on for years in devices that are infrequently updated. Here are some devices susceptible to the bug (basically anything compiled in a version of OpenSSL between December 2011 and April 8, 2014 is susceptible):
♡ Cable boxes and home Internet routers
♡ Enterprise-grade network hardware
♡ Industrial and business automation systems
♡ IT equipment and traffic control systems
♡ Email servers
♡ Client software
♡ Long list of websites (via GitHub), including Yahoo!, Flickr, Imgur and Eventbrite
CIOs can point their users to any number of articles explaining the vulnerability, from Paul Ducklin's Anatomy of a data leakage bug for the tech-savvy, to the New York Times Bits blog's coverage of the heartbeat security bug, to Mashable's depressing "what's next" proposals. (Hint: There are no winners, only millions of losers.) And to ease your heartburn from Heartbleed, we also offer some choice pieces on CIO advice, a couple of cool new inventions, and tips for capitalizing on real-time analytics.
- After you're done learning about OpenSSL vulnerabilities, read about the five lessons CIOs can adapt from their CIO peers at tech companies to spruce up their IT strategy and executive cred.
- Romy and Michelle may have wished they invented Post-it notes, but we're wishing we thought of this ingenious packing tape idea or the first all-solar plane to fly around the world.
- Brace yourself for the new Twitter design. The update -- featuring newfangled profile looks and tools resembling Facebook Pages -- aims to make Twitter more user-friendly for less-frequent Twitter users. What do our big tweeters think about that?
- Are your real-time analytics coming up with brilliant business breakthroughs -- but the business can't get out of its own way to act on them? Michael Schrage, a research fellow at MIT Sloan School's Center for Digital Business, tells CIOs why changing behaviors is key to keep analytics from failing.
Emily McLaughlin asks:
Is the Heartbleed bug (two years unnoticed) an augur of Internet security troubles to come?
2 ResponsesJoin the Discussion