2nd Day of Christmas: Lessons Learned in 2017


Equifax Data Breach

Who could forget this corker? One of the biggest breaches recorded this year (at least so far) with as many as 143 million people affected. Data such as names, social security numbers, addresses, credit card numbers and driving license numbers were taken during the breach. The full breach lasted from March to July, but it wasn’t made public until September 2017.

There are so many lessons that could be learned from this breach. But, we know you haven’t got all day, so we’ll focus on just one… and it is that a properly implemented vulnerability management service should definitely be standard practice.

Without a doubt, there will have been a huge investment in security technology at Equifax, but the simple lack of a process being followed meant a single unpatched server gave hackers all they needed to breach the perimeter defense and establish a ‘beachhead’. On March 10, once ‘inside’, they proceeded to establish numerous hidden backdoors to ensure that multiple routes into the network existed even if the initial breach were discovered. It is rumoured that this ‘entry-crew’ team, so overwhelmed with what they had achieved, actually sold the ‘beachhead’ access to a far more sophisticated hacking team. This team had pretty much free rein to roam around systems until they were finally discovered on 29 July. They were so ensconced in the systems they had penetrated that the Equifax team, with the help of a drafted-in third-party cybersecurity firm, had to take down a few systems for a total of 11 days whilst the cleanup was effected and all the backdoors were closed.

So, I guess what we’re saying is, whilst you may think you’ve thrown enough people, technology and cash at your cyber defenses, unless the defined process behind it all is demonstrably enacted, you may as well spend your budget on a crack PR team that specialises in crisis-management and hope for the best!
