Hearts Still Bleed – Vast Majority of Global 2000 Organisations in the UK Remain Vulnerable to Heartbleed One Year on

Venafi, the leading provider of Next-Generation Trust Protection, today announced new research reevaluating the risk of attacks that exploit incomplete Heartbleed remediation in Global 2000 organisations in the UK.

Using Venafi TrustNet, a cloud-based certificate reputation service designed to protect enterprises from the growing threat of attacks that misuse cryptographic keys and digital certificates, Venafi Labs found that 84 percent of Forbes Global 2000 organisations’ external servers remain vulnerable to cyber attacks due to Heartbleed. This leaves these organisations defenceless to reputational damage and widespread intellectual property loss.

When the Heartbleed vulnerability was discovered in April 2014, many organisations scrambled to patch the bug, but failed to take all of the necessary steps to fully remediate their servers and networks. But despite significant guidance from Gartner and other industry experts, the majority have failed to take the necessary steps to fully remediate their servers and networks. Shockingly, 2 in 3 (67%) of the Forbes Global 2000 most profitable companies in the UK are still vulnerable to the security flaw and risk a massive security breach. In addition, as of April 2015, only 23% of UK companies within the Forbes Global 2000 have taken appropriate actions for complete remediation.

“A year after Heartbleed revealed massive vulnerabilities in the foundation for global trust online, a major alarm needs to be sounded for this huge percentage of the world’s largest and most valuable businesses who are still exposed to attacks like those executed against Community Health Systems,” said Jeff Hudson, CEO, Venafi. “Given the danger that these vulnerabilities pose to their business, remediating risks and securing and protecting keys and certificates needs to be a top priority not only for the IT team alone, but for the CEO, BOD, and CISO.”

In 2014, cybercriminals used the keys and certificates that were captured via Heartbleed in the Community Health Systems breach in which APT 18, a known Chinese espionage operator, stole 4.5 million patient records.  Again in 2014, the hugely popular site Mumsnet in the UK became victim of the Heartbleed SSL software flaw.  The compromise allowed hackers to access approximately 1.5 million user accounts. Although the data access was less sensitive than in some other global attacks, it showed the potency of the breach.

Among more than 2,300 IT security professionals surveyed in the 2015 Cost of Failed Trust research, 100 per cent of UK companies acknowledged they had been targeted by at least one attack on its organisation’s keys and certificates in the past two years. Sixty percent of participants in the research agreed their organisations must do a better job responding to vulnerabilities like Heartbleed involving keys and certificates. According to the new Ponemon research, the risk facing UK enterprises from attacks on keys and certificates is at least £33 million over the next two years.

Download the Venafi Heartbleed +1 Year Analysis (PDF) at 

About Venafi

Venafi is the market-leading cybersecurity company in Next Generation Trust Protection (NGTP). As a Gartner-recognized Cool Vendor, Venafi delivered the first Trust Protection Platform™ to secure cryptographic keys and digital certificates that every business and government depends on for secure communications, commerce, computing, and mobility. With little to no visibility into how the tens of thousands of keys and certificates in the average enterprise are used, no ability to enforce policy, and no ability to detect or respond to anomalies and increased threats, organizations that blindly trust keys and certificates are at increased risk of costly attacks, data breaches, audit failures, and unplanned outages.

To view a full copy of the report, please click here

ISBuzz Staff
Expert Comments : 0
Security Articles : 2521

ISBuzz staff provides a brief synopsis and summary of the breaking information security news and topics to allow information security experts to provide their expert commentary on the breaking news or the topics.