CRA breach due to ‘Heartbleed’ shows importance of security: analyst

VANCOUVER (NEWS1130) – Could we have predicted the CRA breach that resulted in 900 SINs being stolen due to the “Heartbleed” bug?

“I think this was the easiest prediction we could have made,” says independent technology analyst Carmi Levy.

“We absolutely knew that some kind of breach, some kind of news that a system had been violated was on the way; now we have that validation. But I can guarantee you, it’s not going to stop with 900 social insurance numbers for CRA users. It’s going to extend well beyond this one little group and the scope is only going to grow in the days and weeks to come.”

He says we don’t spend enough money, time or energy on security.

“We’re so focused on the gadgets — the latest phone, the latest tablet, or what operating system we’re using — we tend to forget about security. It’s like insurance: You ignore it until the worst happens, then you wish you had bought more,” he explains.

“I think this is a bit of warning shot to all of us that we need to start taking security seriously. We need to start getting ahead of these vulnerabilities so that Heartbleed 2, Heartbleed 3 and Heartbleed 4 don’t bite us again,” adds Levy.

He feels the way to do that is by spending more money on security.

“If you are a company, if you are a government agency, if you are an individual, the first thing that you do is you start buying the right software, you start allocating the time and push security higher up on the budget priority list so that it isn’t just an afterthought,” he argues.

“Companies need to hire people who specialize in this. They need to actively look for weaknesses in the way their systems are built so that doors don’t remain unlocked for two years before you realize that you are exposed. This is completely unacceptable and I think it shows that our priorities have been wrong for far too long.”

The Heartbleed bug is caused by a flaw in OpenSSL software, which is commonly used on the Internet to provide security and privacy.

The Canada Revenue Agency says everyone affected will receive a registered letter and free access to credit protection services.
