Cyber, online security, shellshock, cyber insurance, flaw, payments

Shellshocked: Cyber Security’s Latest Flaw

Cyber security experts must focus more on the fundamentals of the internet

Heartbleed, Shellshock, Poodle. All three are vulnerabilities in the software of the web that have been discovered this year.

Shellshock – by far the most serious of the three – has existed for over two decades, but was only discovered two weeks ago. It’s been described as the worst bug to be exposed online in a very long time, a fundamental flaw in code that makes up the basic architecture of the internet.

Granted, the internet’s infrastructure has long been responsible for connecting millions of people on a daily basis. It was first realised over 25 years ago, and has grown rapidly from its basic elements. However, the existence of the Shellshock bug demonstrates that, at its core, the internet is simply too old and fragile. Cyber security experts dedicate so much time and effort to improving security for the newer parts of the web, while assuming that it is foundationally secure. On the other hand, very few people are focusing on the internet’s underlying components.

The flaw is so fundamental that governments and militaries, along with high-profile companies, have all been at risk because of it. It is still unclear quite how many hackers were aware of the Shellshock bug before it became widely publicised – a few news sources have suggested that it was discovered by Google engineers before any cyber criminals became aware of it. Industry experts, however, claim otherwise:

“We have been running a Honeypot since yesterday that basically emulates a system that is vulnerable.” said Jamie Blasco, lab director of AlienVault. ‘We found several machines trying to exploit the vulnerability.”

The impact on your company.

Companies and software providers who specialise in payment technology should be among the most concerned. It’s becoming increasingly apparent that the internet is ‘built on thin ice’ and this should be very concerning to any companies venturing into the world of ePayments.

Does your company require cyber insurance?

Many industries are not aware enough of cyber issues – in 2013, only 22 per cent of stock exchanges were insured against cyber attack. In more recent news, Lloyds of London have teamed up with a US State Governor to provide a more comprehensive form of insurance to protect companies cyber threats.

Want to learn about about the latest cyber security and insurance?
If so, you should consider attending The Cyber Security Show 2015

cyber security show blog post banner

Leave a Comment

Current ye@r *