SA firms face Heartbleed dilemma

Heartbleed is a major bug in OpenSSL encryption software that is widely used to secure websites and technology products including mobile phones, data center software and telecommunications equipment.

Published Apr 14, 2014

Cape Town - When talking about Heartbleed, the internet bug which has potentially handed over countless passwords, usernames and banking details to malicious hackers, there are no certainties.

The number of sites affected by the unplugged loophole and the damage, if any, it has caused are both unknowns.

But what is a certainty, at least for security experts in South Africa, is that the security hole should be a wake-up call for local authorities, whom they accuse of delaying the introduction of proper structures to combat the rise of cybercrime.

In the 2013 Norton Report, it was revealed that South Africa had the third-highest prevalence of cybercrime in the world, just after Russia and China.

According to the report, 73 percent of residents in this country have fallen victim to some form of hacking.

“This is a major problem,” said IT security expert and Institute for Security Studies consultant, Eric Tamarkin. “People are not going to want to do business here any more unless we turn things around.”

 

The problem with Heartbleed is that, short of changing their passwords, users can do very little about it.

“It’s almost like being in an airplane, we have to rely on someone else to get us there safely. We are just passengers here.”

While websites update their software to patch up the cracks, there has been little indication of how many companies have been compromised by the exploit.

While experts expected a few more companies to issue warnings over the weekend, Tamarkin said it was often not in a company’s best interests to be transparent about major security issues.

He cited Target – the large retailer in the US – as an example of this. The store was compromised when hackers stole data belonging to about 110 million shoppers.

“They revealed the numbers and it hit them hard. They are losing sales, and experiencing some major financial issues.

“So there is a tension here; while users want to know if their information has been stolen, companies may not want to come forward because it could have a negative impact on them.”

He speculated that many companies would handle the aftermath of Heartbleed on a case-by-case basis.

For Craig Rosewarne of Wolfpack Information Risk, this is exactly why South Africa needs proper cyber crime structures.

“It would allow users to force companies to hand over this information.” - Cape Argus

 

Highest number of cybercrime victims according to the 2013 Norton Report:

1. Russia – 85 percent

2. China – 77 percent

3. South Africa – 73 percent

 

Update: 2:30pm April 14, 2014

Article updated to remove the suggestion that Heartbleed is a virus. 
