The Equifax data breach news is a bit of a shocker for most people. Roughly 143 million Americans were affected by this breach. This is most of the US adult population. The highly sensitive data that was leaked included social security numbers, home addresses and credit card information of Equifax users. And what caused this massive security breach? Improper patch management practices. It was announced that the Equifax data compromise was due to the failure to install the security patches provided in a timely manner.
So, What happened Equifax?
Equifax stated that the, “Data breach had exploited a website application vulnerability known as Apache struts CVE-2017-5638. Apache struts is a free, open-source framework for creating web applications. The Apache vulnerability was announced on March 7th, 2017; the same day the patch was released. It is stated that the Equifax data breach started in mid-May through July. This is a two-month period between the patch release date and when the breach occurred. During this time-frame, the company failed to deal with the problem which could have simply be fixed by patching the vulnerability.
Equifax is a large organization that most certainly was spending money, time and resources on securing their customers’ data – but yet, they still fell victim to an attack. This should be ever-so concerning to small- and medium-sized businesses as well. If a threat actor can hack into a $3 billion dollar company, what stands in the way of a smaller company with less security resources? This situation should raise one simple question to every IT decision maker out there; Are we doing enough to secure our organization? It is important that organizations are evolving their security procedures constantly and getting involved with security experts at a security service provider. They will be able to supply a multi-tiered defense solution that will protect your remote users to your servers.
We have seen similar security breaches in the past; look at WannaCry and Petya. Organizations have waited too long to patch vulnerabilities and threat actors have been able to take advantage of this – causing havoc and loss of a lot of money. There are many lessons that organizations can take away from these data breaches,such as: Patches aren’t an option, businesses are a key target, and you must tighten your security practices from the inside out.
Data breaches are very dangerous. Very often threat actors will sell the database of sensitive information on the Dark Web to other attackers so they can perform targeted attacks and other malicious activities. While just alone the data breach is extremely dangerous to all the affected users, it can open up a whole new wave of malicious activity.
For far too long, businesses have placed best security practices, preventative actions, and detection services off their radar. Many organizations are dealing with barriers such as budget constraints and lack of expertise, but these cannot stop your organization from tightening your security posture. The Equifax breach serves as a painful reminder that security must be continuously managed and doing otherwise is simply negligent. Contact us today for more information or a free security consultation.
It’s time to finally say, Happy Holidays! While the holiday season is for spending time with your family, eating way too much, and spreading the holiday cheer, it also signifies that the year is coming to an end. And, we’ve all heard the cliché saying, new year new me, right? Well, as you might have … Continue reading “New Connections: An Introduction to Magna5”
In the recent Solarwinds MSP Cyber Preparedness Survey, Solarwinds surveyed 400 Small- to Medium-Sized Enterprises. This survey investigated the cyber security preparedness, experiences and failings of these organizations to better understand what we can be doing to better protect critical information. The headlines of all the attacks this year are enough to scare people to … Continue reading “7 Pitfalls That Are Hindering Your Cyber Security”
FOR IMMEDIATE RELEASE Contact: Anne Clarrissimeaux Communications Manager Magna5 firstname.lastname@example.org 214-552-0910 MAGNA5 ACQUIRES NETSERVE365 Fourth acquisition in 18 months strengthens PaaS, IaaS, UCaaS services portfolio with addition of award-winning network and server monitoring and management, cloud hosting and managed IT security services Pittsburgh (November 16, 2017) – Magna5, a portfolio company of NewSpring … Continue reading “Magna5 Acquires NetServe365”