Tech companies need to up their game on internet security

Cantillon: websites from Google to Facebook to Yahoo affected by Heartbleed coding flaw

The Heartbleed bug discovered this week is further evidence that we “don’t have our house in order when it comes to internet security”, in the words of one security expert.
The Heartbleed bug discovered this week is further evidence that we “don’t have our house in order when it comes to internet security”, in the words of one security expert.

Over the years various industries from mining to medicine were made safe by a combination of regulation and co-operation. Progress was often slow, coming about through trial and error. And it seems the internet is no different.

The Heartbleed bug discovered this week is further evidence that we “don’t have our house in order when it comes to internet security”, in the words of one security expert.

Heartbleed introduced a flaw into the OpenSSL software which is used by banks, online shopping sites, social networking sites and search engines to keep personal and financial data safe. Basically, the software encrypts sensitive information. The coding flaw allowed those who knew of its existence to intercept usernames, credit card details, passwords and other information from the website.

Like other similar bugs found recently – including one in Apple’s mobile and desktop devices – the Heartbleed coding flaw had gone unnoticed for years.

READ MORE

It seems that in a rush to innovate on the web security has sometimes been an afterthought. While the subject of security is an area of concern for technology companies, it is often a later addition, rather than part of the building blocks.

By the end of 2020 it is forecast the “Internet of Things” will include 212 billion connected devices. Such a high level of connectedness creates unprecedented security challenges in terms of privacy, safety, trust and governance. It will be imperative for companies to maintain trust in the security of those connected devices. But how can they do this if they can’t even ensure the security of the web now?

Maybe it’s time the safety culture that is common in fields such as aviation and health became the norm . Companies will have to start designing security within IP-connected devices, rather than addressing it as an afterthought.