The State of Online Security One Year after Heartbleed
“Those who cannot remember the past are condemned to repeat it.”
George Santayana – philosopher, essayist, poet, and novelist
This week marks the passing of a full year since Heartbleed first appeared in the news. We’d love to tell you that this dangerous security flaw sparked a year of awareness, discussion and proactive measures by consumers for better online security practices, but that is not the case.
According to a study commissioned by Dashlane, 86% of Americans are not aware of Heartbleed.
If you are one of the 86%, here’s a quick recap: The Heartbleed bug allowed anyone on the Internet to read the memory of systems protected by vulnerable versions of the OpenSSL software. This compromised the secret keys used to identify the service providers and to encrypt the traffic. It made the names and passwords of users available to attackers so they could eavesdrop on communications and steal data directly from users.
Lack of awareness aside, the public is not divided on the issue of online security and privacy. Everyone is in favor of more of it and they want better tools to achieve it. However, the Dashlane survey shows the tech community is not doing a good enough job educating the public about the consequences of lax security and privacy practices. We also need to make people aware of the relatively simple best practices that everyone can immediately take to better protect themselves online.
As a global Internet community, we must do better. The responsibility for greater Internet security rests on all of our shoulders. The tech community certainly needs to continue to be innovative and strengthen the security and encryption products that we offer. But, we also need help from the customers, from academic researchers, and even the government.
The survey also revealed only 1% chose their private email as the personal information they are most concerned with online hackers stealing, despite email being an easy front door to valuable and exploitable personal information.
That’s a shockingly low percentage. Yes, your SSN and your financial data MUST be secured, but we need to guard our online communications and habits with the same intensity. The content of our email, what we post on social media, our Google searches – these are things that go right to heart of our personalities. This content covers, our interests, our relationships, our secrets. This is private information that belongs to you. It’s your property and should be protected by the 4th amendment and due process.
As part of its Heartbleed Study, Dashlane spoke to Golden Frog’s President, Sunday Yokubaitis, and other experts from the realms of business, advocacy and academia to provide the public with an assessment of the fallout from Heartbleed, and to analyze online security and privacy challenges that lie ahead. Please watch The State of Online Security One-Year After Heartbleed video with the experts’ commentary.