No doubt you’ve heard about the Heartbleed bug and and how a simple coding error in OpenSSL, the Internet's most popular open source cryptographic library, has exposed countless passwords and security credentials to online hackers. Internet services have updated their systems and strengthened security in response to Heartbleed, which is used by more than two-thirds of web servers worldwide, but the vulnerability highlights the often hidden threats to data security. Here, Joel Berman, Acronis fellow and longtime IT professional, explains the implications of surreptitious malware threats such as Heartbleed and explains how image backup could help IT pros prevent data loss in the first place.
How has the Heartbleed bug affected Internet security for everyday users?
The Heartbleed bug enabled hackers to manipulate website servers to send them large chunks of a company's or Internet user’s data and memory contents. The information that the hackers could get wouldn’t be specific and could vary from documents and photos to passwords or financial details. However, many of the hackers who began to take advantage of this vulnerability wrote scripts to query the types of data they were looking for, specifically passwords they could use to hack into a person's or company’s Internet accounts. Heartbleed itself is just a bug that creates a hole in the system, allowing a hacker to break in and manipulate data or inject malware.
What risk does Heartbleed present to small businesses?
A small business with a web server that enables customers to log in to download information, shop or comment on the site could be vulnerable to hackers. A hacker could modify the programs and command the company's server to email them usernames and passwords as they are entered into the website. Many people use the same username and password for multiple websites, so all of their other accounts would be jeopardized should this information end up in the wrong hands.
How can image backup help protect sensitive data in similar situations?
In a situation like this, a hacker will program multiple viruses into a system to avoid being wiped out by a virus scanner, creating a very complicated trail for system administrators to attempt to follow and clean out. With image backup, an IT manager can identify when the virus entered and began corrupting the system, and he or she can then simply restore the clean, pre-virus version of the system from a backup. The IT manager would also need to update their OpenSSL with the fixed version and change all passwords to prevent another attack.
What can IT managers do to prepare for a data threat such as Heartbleed?
There are two vital steps that IT managers should take to prepare for a data breach such as this. The first step is to have a backup system already in place in order to restore a clean version of the system as quickly and easily as possible.
The second step is to retain their past backups. Backups take up a lot of server space and tend to get deleted every six to eight months. However, these viruses are often latent in a system for a long time and go completely unnoticed. To counteract this, IT managers need to have a sensible retention plan that keeps the older backups on hand for situations when an older version of the system is the only uncorrupted one.
Acronis is a Swiss company, founded in Singapore. Celebrating two decades of innovation, Acronis has more than 2,000 employees in 45 locations. Acronis Cyber Protect solution is available in 26 languages in over 150 countries and is used by 18,000 service providers to protect over 750,000 businesses.