Cybersecurity is becoming an oxymoron

After a security leak, hacking and the Heartbleed Internet bug, it seems like the cybersecurity system is falling apart.

New reports say the NSA may have been exploiting the Heartbleed bug to gain access to private information. While the NSA has denied these allegations and, personally, I think it sounds like a conspiracy theory, one thing has become abundantly clear — no matter who had access to what, cybersecurity has to become a bigger priority.

The seemingly constant stream of leakage and information misuse is starting to become extreme, to the point where I no longer trust putting information on any website anywhere.

What is unfortunate, and scary, is that we are well into the digital age. We are all online, our information can be found and hacked and companies require that we create profiles to use their services without creating a secure system that lasts longer than three years.

Private organizations and institutions like IU and Target and programmers of source software such as OpenSSL need to recognize first and foremost that relying on outdated services is not going to protect their consumers. Instead of sending everyone new debit and credit cards and releasing passive warnings after the exposure occurred, there needs to be an in-depth understanding of what the dangers of the web are and how we can address them.

IU students didn’t find out about web crawlers until after three had seen our information.Target didn’t discover the security breach until after customers were
affected. If we are using these massive tools, we need to understand the potential dangers of them first.

To shop for anything online, the consumer is required to create a profile and provide their address, payment info and other personal information. These accounts are locked into place, they do not disappear after a set amount of time and they are essentially sitting ducks for identity thieves.

OpenSSL, the security program affected by the Heartbleed bug, is linked to two-thirds of servers in the U.S., used by all of them to ensure cybersecurity.

It boggles the mind that no one realized this would be a prime target for hackers, and thus might have led someone to make it stronger or at least limit the amount of information that could be leaked.

In short, more needs to be done. The fact that security organizations and big companies cannot protect their clients and customers indicates the technology is changing, and the security needs to change with it.

The next time I have to change my passphrase, I want it to be the last.

ewenning@indiana.edu
@EmmaWenninger