Whether it’s ransomware or data breaches, the numbers involved in cyberattacks keep growing to staggering proportions. Last Thursday, the consumer credit reporting giant, Equifax, publicly announced that hackers had breached its network back in mid-May. The hackers then spent the next ten weeks accessing the personal information of 143 million Americans within its database, as Equifax did not discover the breach until July 29. The hackers accessed sensitive information including names, social security numbers, birth dates, addresses, and the numbers of some driver's licenses. In addition, the credit card numbers of approximately 209,000 U.S. customers were exposed as well. The scope of this security breach is massive.
One of the aspects that makes this data breach unique is the fact that the people affected by the breach are not “customers” of Equifax in the traditional sense. Equifax is one of three major credit-reporting agencies that draw their data from credit card companies, banks, lenders, retailers and just about any institution that reports on the credit activity of customers to consumer credit agencies. While the vast majority of those affected are U.S. citizens, not everyone is. Citizens of both Canada and the UK were also affected. In fact, Equifax holds credit information for over 44 million residents of Great Britain as well.
It is not yet clear what the cause of the breach actually was. Current unsubstantiated reports place the blame on an open-source Apache server software application. Beyond the apparent uncertainty as to how the breach occurred, a number of other issues are drawing harsh criticism. Although Equifax announced that it would be contacting all affected parties by mail, it has temporarily set up a website, https://www.equifaxsecurity2017.com, which people can use to check whether they are impacted. Unfortunately, the site runs on a simple WordPress site. While this is perfectly suitable for a “read only” site offering information about the breach to customers, the site prompts users to input the last six digits of their credit card number. Even more comical is the fact that some Internet browsers and web filters were initially blocking the site, issuing a warning that it could be a suspected phishing threat based on irregularities in its functionality, such as issues with its web certificate.
Of course, Equifax is not the only site to have been breached this year. According to a security report, there were 2,227 publicly disclosed data compromise events for the first half of 2017. This includes a breach of the Women’s Health Care Group of Pennsylvania in which 300,000 patient records were compromised. Hackers began infiltrating that database back in January of this year. Ironically, the breach was discovered in June as a result of an investigation concerning a ransomware attack that took place on May 16. Stolen data included social security numbers, birth dates, insurance information and sensitive medical history.
What Can We Learn from Equifax and Other Data Breaches?
As frequently as these types of hacking attacks seem to occur today, they can serve as case studies that the rest of us can learn from.
Shorter Time Windows
When evaluating breaches such as the Equifax incident, it is obvious that there need to be significant improvements in the time it takes to both identify and contain a data breach. According to the latest 2017 figures, it takes 146 days on average to detect a breach and over a month to respond and contain it. Too often, in fact, breaches are discovered by third parties rather than by internal IT. Having a written and rehearsed plan of action to deal with a breach is critical as well.
It is also important to be open and upfront when communicating with those whose information has been compromised. Utilizing a PR firm that knows how to deal with the media and the aftermath of such incidents can pay big dividends later on.
Encryption of data is a MUST today. Whether in transit or at rest, unencrypted data equates to unprotected data. Data that is secured using the strongest encryption methodologies is useless in the hands of anyone that lacks the decryption key. Encryption should not be limited to just the data stored on your backend data servers. Encryption tools should be utilized for data residing on laptops, mobile devices and cloud storage as well.
Hackers do not rely on a single methodology for penetrating networks, which is why you cannot rely on a single system to secure your network. Properly securing your network means implementing a strategy of multi-layer protection consisting of an enterprise-level firewall, IDS/IPS, anti-spam gateway, content filtering, anti-phishing and endpoint protection. Reliance on passwords alone to protect accounts should be retired in favor of multi-factor authentication as well.
Educate your Employees
In the wake of this massive hacking attack, you have to assume that the bad guys now have even more highly personal information that they can use to trick you into paying that invoice or opening that infected email attachment. It is crucial to educate your employees. Encourage them to report anything that appears suspicious or unusual. Although employees may at times be your weakest link, they are also your last point of protection.