Resources.

Articles

Security

Equifax Security Breach: Could It Have Been Prevented?

Share on FacebookTweet about this on TwitterShare on LinkedIn

Zero Day Exploitation, otherwise referred to as Zero-Day Vulnerability, is defined as a security hole in software. Unknown to the software developer vendor, this hole can then be maliciously exploited by hackers before developers have an opportunity to “patch” the attack.

Zero Day attacks include infiltrating malware, spyware, or allowance of unwanted access to user information. The race is on as software developers attempt to rectify this vulnerability by releasing a fix—often called a ‘patch.’

Patches are released on a regular basis. For example, On the second Tuesday of each month, Microsoft releases security fixes that resolve identified holes. However, if a critical vulnerability is discovered, a patch may be released immediately.

Was The Equifax Zero Day Exploitation Preventable?

Credit monitoring service companies such as TransUnion, Experian, and Equifax have a security reputation to uphold. Recently, Equifax’s secure reputation has been challenged.

Thursday, September 10, 2017 some 143 million Equifax user identities were compromised by hackers. Social security numbers, personal addresses, 209,000 credit card numbers, and driver’s licenses might be up for grabs. Was this error due to poor prevention planning for Zero Day vulnerabilities? Internal system failure? Or, are platform hackers becoming smarter than our organization’s best IT teams?

Current weather disasters throughout the nation, such as the most recent Harvey and Irma category five (5) hurricanes, have been no less than catastrophic. The cybersecurity vulnerability of automotive, construction, engineering, education, health/medical, and government networks remain susceptible to attacks. Our internal technology networks are just as crucial to protect as our external structures.

In many cases, much like we need to prepare for and recover from hurricanes, we are failing to do two critical things in cybersecurity: 1. Prepare for events by applying concepts of basic cyber hygiene, and 2. Enable organizations to better respond to and recover from events by considering cybersecurity needs as an integral part of the enterprise and not as solely the concern of information technology (IT).”  —Summer Craze Fowler, Technical Director of Cybersecurity Risk and Resilience at Carnegie Mellon University’s CERT Cybersecurity Division of the Software Engineer Institute, Opinion Contributor for The Hill

A breach in cybersecurity is just as tragic to our nation’s economic structure. Organizations become increasingly exposed to the elements. During times of environmental and economic attack, lives are on the line—especially in hospital systems.

Organizations need to remain diligent from cyber threats. Memorial Hospital of Tampa, Florida moved its most vital physical assets to higher floors to avoid flooding—a resilient effort in the face of a potential storm surge. Technology preparation like this hospital’s preemptive steps are the best prevention plan in order to safeguard against future data breaches.

Equifax Zero Day Exploitation = Zero Trust

People’s identities are in jeopardy due to this massive Equifax identity breach. How can an organization with such magnitude and security protection become vulnerable to attach? Was Zero Day Exploitation to blame? Were preventative cyber steps taken to avoid this IT disaster?

Cybersecurity is dangerous. Years after the identity violation, mortgage loans can be opened in your name and your credit stature can be ruined forever, despite honest efforts to freeze your credit. (As if getting a loan wasn’t hard enough.) And, the black market for selling stolen credit information is a vicious monster. Felons could swap out your gleaming good character with their dark criminal identification, and authorities could go after YOU, not them.

Did Equifax Have Cybersecurity Solutions In Place?

Millions of people’s lives are now shattered due to a possible lack of preventative IT measures.

The public is outraged with Equifax, leaving many victims with unanswered questions. How can a trusted brand name that hosts all your credit information be broken into? If a company as “secure” as Equifax can be hacked, what other companies are susceptible? Did Equifax executives know their own cyber risk?

Equifax customers are turned upside down by the company’s feeble solution to this problem: a website where people can check to see if their identity profiles have been affected.

Equifax’s after-the-fact-damage-is-done solution website is raising eyebrows and has even been ridiculed on late night television shows.

In order to assess identity damage, you’re prompted to sign in (with partial social security number digits). Once inside the system, you’re notified that ‘you are’ or ‘you may be’ affected. Then, you’re asked for further personal information.

Many people are filing lawsuits against Equifax.

But, apparently by signing into their program, you opt out of being able to file a lawsuit. In addition, you’re asked to write a letter if you want this clause considered for amendment. Check to see if your credit information is at risk from an already compromised system, yet give us your social security number again…Huh? Needless to say, the solution request hasn’t gone over well.

Without a preventative cybersecurity solution in place, your organization’s brand could be destroyed forever. Not to mention, you’d have a public relations nightmare on your hands.

Risk Based Security tracks data breaches worldwide. They estimate that more than 2,200 data breaches occurred in the first half of 2017 alone. Cyber incidents are widespread because of vast online exposure. A single method of entry has the ability to start a chain of events that leads to a data breach.

CyberSecurity Has Been Shaken To The Core: Prevention Is Key

Cyber risk has become a paramount threat to both citizens and enterprises alike as products and processes become globally interconnected through technology. We seem to react to a catastrophe breach—after it has occurred, but what are we doing NOW to prevent a cyber attack from happening?

If your organization doesn’t have solid industry IT solutions in place, or if you don’t perform regular prevention monitoring protocols, your organization and customers could fall victim to a cyber catastrophe too.

Whether you’re within a huge corporation or you own a small business—you need to be wise when implementing sound cybersecurity measures. You owe it to your customers. No matter how high your IT risk tolerance is, you need to protect your organization from enterprise collapse.

Cybersecurity is a must. With increased security breaches, your firm needs to be prepared for the worse case scenario and equipped with its best prevention plan. Protect your organization against a crippling breach of security and brand decay. Time doesn’t wait for evil hackers to strike—submit our CTC Technologies form today. CTC has prevention solution professionals ready to take your call: 734.408-0200