ITB BLOG

The negative correlation between time and your online security

Is your website secure? Most organizations believe that theirs is, but that belief usually rests on assumptions rather than evidence.

One element that many organizations misjudge is time. If we look back over the last century, it is easy to see how physical locks have changed. Most of us would assume that a modern lock is more secure than an older one, and this is generally true. Time tends to corrode security.

Jason Torchinsky calculated in 2013 that “information now travels at 33,480,000 times as fast” as it did 200 years ago. No wonder that the concept of Internet time was coined to address this acceleration.

Given the rate at which we can store and transmit information, and the fact that we live in a civilization that is engaged 24/7 with the Internet, we have to recognize that this affects how we think about cyber security.

Most organizations are not working around the clock, but we can assume that the people looking to exploit them are. Like everything on the Internet, attackers are not limited by physical proximity.

“Hackers” have also become much more organized and aren’t simply geeks in basements. We now have organized crime rings, semi-political groups like Anonymous and even nation states involved in cracking Internet security.

If security is important for organizations, the timeliness of maintaining the security of Internet applications becomes more important than ever. Many organizations are far too bureaucratic and have technology processes that are just too slow.

The Heartbleed bug of 2014 is one of the biggest examples: a vulnerability was discovered in core elements of Internet security which, if not immediately addressed, would affect millions of transactions online. The timeline of the Heartbleed bug's discovery tells a lot about the global nature of technology and the speed with which people can learn about security exploits. No sites are known to have been compromised before the bug was publicly announced on April 7, but a week later there were reports of sites with millions of users being compromised.

Simply putting off the update to the organization's next release cycle would have been very irresponsible.

In response to this high-severity exploit, the Dutch government has shown leadership in the open source community by funding the development of open-source SSL libraries.

Hackers are becoming more organized and it is becoming easier to track more and more sites for vulnerabilities when they arise.

Websites have become truly mission critical to most organizations, but the security mindset that most organizations have is still tied to the time when the website was just an electronic brochure. For many organizations, the website has become the front door to their customer base.

Security requires persistent vigilance, and in this case time is definitely not on your side.

Mike Gifford (http://openconcept.ca)
Mike Gifford is the founder of OpenConcept Consulting Inc, which he started in 1999. Since then, he has been particularly active in developing and extending open source content management systems to allow people to get closer to their content. Before starting OpenConcept, Mike had worked for a number of national NGOs including Oxfam Canada and Friends of the Earth. As a techie at heart, Mike likes to get into the code when he gets the chance. Being ultimately concerned about the implementation and implications of the technology, he is able to envision how your website can become a much more powerful communications tool for your organization. Mike has been involved with accessibility issues since the early 1990s and is a strong advocate for standards-based design.
