by Shawn Burke
The Equifax breach could very well change the way we protect our information in the future. While we all worry about how this devastating cyber hack will impact our privacy and security, there are real and common-sense things we can all do to protect ourselves, whether we are monitoring our own personal credit or running IT for a Fortune 500 company.
Just to refresh your memory: On September 8, Equifax—the credit reporting agency with access to more than 800 million consumers’ credit files—revealed that it had been hacked during the summer. Hackers gained access to the social security numbers, birth dates, addresses, and in some cases the driver’s license numbers of more than 143 million people. That’s 45% of the U.S. population. Chances are pretty high that you or someone you know was impacted. Or both.
So what happened? Equifax says it neglected to make a recommended patch to Apache Struts, an open-source framework used to build Java web applications. The Apache Foundation concluded that the Equifax data breach was due to its failure to install the security updates provided in a timely manner.
Can something like this be avoided in the future? Absolutely. Tune into this BrightTALK panel where I’ll be discussing the Equifax hack and data protection this Thursday, September 21 at 4 p.m. EDT. Here’s a sneak peek at some of the advice we’ll cover.
- Don’t fumble. The Equifax breach is yet another example of an organisation dropping the ball on updates that can prevent disasters such as hacking. Too often, security hygiene is taken for granted in organisations. Just because you have a formal security programme doesn’t mean everything is being taken care of. Security has no room for assumptions and must be verified infinitely. It isn’t always the security team’s responsibility to patch, but it should enforce and sound the alarms to make patching a priority.
- Go robotic. Automation can ensure certain things are done to prevent attacks, like updating systems. Once a security team understands where the crown jewels are, it needs to integrate automation as much as possible within the security plan. Besides perimeter and end-point defences, the scope should include workflow processes such as patch management. When a threat is identified, the service management tools should initiate a work request to update the system. Scripts can alert you to whether the work has been completed within the defined timeframe. Critical patches need to be applied immediately, not just when convenient. It’s all about speed, which automation enables.
- Monitor your investments. If you invest in a top-notch security system but don’t keep your security solutions up to date with threat feeds and version updates, it’s as if you made no investment in the first place. All the security tools in the world are useless if they aren’t applied correctly and updated regularly. Vulnerability and threat management programmes start with understanding your assets and their criticality. You must ensure threats are being watched around the clock, and then notify asset owners near real-time of actions required to keep the systems updated and protected. The last part (which seems to get lost) is verifying compliance and holding asset owners accountable for the integrity of those systems.
- Don’t be afraid of profiling. Vendors need to monitor customers' threats and profile the network characteristics in real time to detect anomalies as they show up. With the ongoing advancements of security technologies, baselining environmental behaviour is much easier to accomplish. Aggregating log data from multiple sources coupled with security analytics and machine learning are the newer methods to detect advanced attacks. There’s really no excuse for not knowing what is going on in your environments.
Dealing with cyber security breaches is only going to become more commonplace in the years ahead. But with the enormity of the Equifax breach fresh on our minds, there are no longer any excuses for failing to take every precaution to protect your own assets.