Ross Brewer
Vice President & Managing Director, EMEA

FREAK: Organizations Need to Protect Themselves, Not Wait for Patches

This week, security researchers at SmackTLS disclosed a new, potentially dangerous flaw that could allow hackers to trick Internet-enabled devices into using weak encryption.

The bug, dubbed “FREAK” (factoring attack on RSA export keys), affects SSL/TLS protocols and could, therefore, be used to intercept a whole host of data transmitted online—from bank details to email logins.

There is currently no evidence that the flaw has been taken advantage of by hackers, but there are a number of browsers and websites that could be at risk—including Google and Apple.

While this flaw may not be readily employed by hackers, organizations and individuals alike need to be cautious, not least because it isn’t the only flaw that exists. In fact, we hear of so many examples of vulnerabilities and attacks these days that there’s a very real chance hearing news like this will become the status quo. Until every organization can be 100 percent confident in its cyber security policies, we need to ensure this doesn’t happen.

While Internet companies need to provide patches for flaws such as this, organizations shouldn’t just wait for this to happen. Instead, they need to take a proactive approach and cut the hackers off before they can take advantage of any weaknesses. The most dangerous situation for a company to get itself into is allowing a hacker to get in and stay in—the longer they are able to do so, the more damage they can cause.

As such, organizations should employ security intelligence strategies, which allow them to reduce the time it takes to detect and respond to any threats. The problem we have today is that there is so much data crossing networks, it can be difficult to differentiate between the good and the bad.

Taking an intelligent approach to network security makes it easier to see what should and shouldn’t be there. If a hacker wants to get in, they will—either through a flaw like this, or through other highly sophisticated techniques. Security intelligence provides a moat. They might jump over it, but they’ll be seen doing so pretty quickly.