Global information solutions company Equifax is making headlines around the world with news of one of the biggest data breaches in history, affecting as many as 143 million people in the U.S., and as yet undisclosed numbers in Canada, UK and Mexico. The incident makes Equifax the latest addition to a growing list of companies that have fallen victim to massive cyber-attacks.
The breach happened between mid-May and July of this year and Equifax has reported that the stolen records included people’s names, Social Security numbers, birth dates, addresses, and in some cases, driver’s license numbers.
How did it happen?
Equifax has confirmed that the cyber criminals behind the attack, “exploited a U.S. website application vulnerability to gain access to certain files.” The vulnerability was in Apache Struts – a popular Open Source framework for building enterprise-grade web applications in Java. The bug allowed hackers to remotely execute arbitrary commands to gain access into Equifax’s network and scan their database.
It has also been confirmed that Apache issued a patch for this vulnerability on March 7, 2017, the same day it was announced. And the National Institute of Standards and Technology (NIST), which regularly releases various alerts and patches for vulnerabilities, announced the patch on March 10, 2017.
Today, effective security for any organisation is a factor of both the security infrastructure and the associated operations processes. Attacks such as the ones we have seen recently can be attributed more to the fear of application downtime or the fear of business impact that prevents organisations from getting to the latest patch level in a timely manner. Other probable reasons for delaying updates may be:
Protecting your enterprise
The clear call to action for enterprises is to equip themselves to detect and defeat external and internal attackers in real-time with these best practices:
So, looking ahead from the Equifax incident, the focus in the immediate term should be to effectively manage all security systems for potential vulnerabilities and maintain swift remediation practices. Working with a specialised services partner who can prioritise and deliver security patches and build additional safeguards for protection and detection measures in a risk-sensitive manner is the best way to do this.
However, on an ongoing basis, any enterprise needs to evaluate its security posture regularly, and bolster it through effective managed security or specialised services.
Tata Communications offers Managed Security Services that deliver measurable and effective protection against breaches. Speak with an information security expert about strengthening your defences today.