We're all becoming increasingly aware of the threat that cyber attacks pose around the world. France saw more than 19000 attacks during February alone, largely linked to the events of Charlie Hebdo. April also saw the discovery of APT30, a long running cyber espionage operation targeting multiple countries across Asia.
In the past year, unidentified hackers broke into supposedly secure US government IT systems. The agencies affected included the State Department and the White House. Separately, hackers, who were ten miles away from the vehicle, used digital radio to take control of a Jeep Cherokee driven by a journalist from Wired.
It may seem logical to think that data thieves would generally target larger companies, and the smaller ones such as a small business would be overlooked. Why, after all, would someone bother hacking a small business for a few thousand pieces of information when they could hack a big one and get tens of millions? Sadly, there is a powerful incentive for such criminals to target smaller businesses: They tend to be woefully defended against cyber security threats, and even if the profit is not as great, the relative ease of it still makes small businesses a very attractive target.
Cloud computing has made it possible for today's small businesses to work from anywhere, on any device. They can transfer files easily between computers with DropBox, video-conference across the country with Skype, and work from their smartphones and tablets without stepping foot in the office.
You can't open up a newspaper or visit a media website these days without seeing a story about the latest company that has had its computer systems hacked. Usually these stories are accompanied by big numbers detailing either financial impacts or numbers of customers affected.
You might not know much about Virtual Private Networks (abbreviated VPN), which allow your internet traffic to appear to come from somewhere else. If you do, it might be how you connect to your office when you work from home, making your computer seem to be part of the work network.
What is Heartbleed?
Heartbleed is a serious security bug in the OpenSSL cryptography library. Its official reference is CVE-2014-0160. This bug is the result of a missing bounds check in the heartbeat function.
What is an SSL heartbeat?
Without the heartbeat function, this bug would not exist, so it’s important to understand the feature being exploited.