Just over a year ago, in July 2017, Equifax discovered on its networks what would soon be known as one of the worst data breaches in U.S. history.
A few other cybersecurity incidents had been larger in terms of number of people affected or number of records exposed. But the extremely personal nature of the data exposed made Equifax’s breach significantly more threatening than incidents many times larger (e.g., the Yahoo Mail hack). Many of the people affected weren’t even direct Equifax customers; they had no choice in making their data available to the credit-reporting agency.
Worse: The breach uncovered a lax approach to cybersecurity that’s completely inappropriate for an organization handling such highly sensitive information. You’d think it took sophisticated maneuvering for a hacker to gain access to Equifax’s servers. Not so. For two months, a patch was available that would stop the bug that allowed the hackers to gain access. Records were sitting unencrypted on Equifax servers. And following the incident, Equifax’s response was a disaster – the company failed to offer adequate options that would allow consumers to protect themselves.
Equifax has not only racked up a bill of more than $243 million in breach-related expenses, but has also been seriously downgraded in terms of public trust.
The company has installed new leadership to helm its security efforts and is taking steps to make data protection a top priority. Also to its credit, Equifax has focused on repairing previously lacking security fundamentals rather than seeking out a “magic bullet” to solve its security woes.
For Equifax, improvement of the fundamentals includes implementing better processes, acquiring tools for assessing and managing vulnerabilities, improving identity management controls, hardening the perimeter and strengthening its patch management. That said, these aren’t uncommon problem areas, so chances are your business or organization could take cues from the same post-breach cleanup Equifax has undertaken.
Lunarline helps companies of all sizes get the fundamentals right.
Our suite of solutions and services includes industry-leading training programs, network design and risk assessment support, not to mention cybersecurity tools to make core processes simple and automatic. Better still: They won’t cost you anywhere even close to the $243 million Equifax has shelled out for its cybersecurity “education.”