Back in July 2017, the public was shocked. At the time, Equifax revealed a massive breach of data affecting more than 140 million people, and the data that was stolen remains frightening to this day: full names, dates of birth, social security numbers, credit card numbers, and even driver’s licenses. Even as a settlement has been reached, the breach will continue to impact people for years to come.
While many people ask what they can do to protect themselves, the “How” of the hack quickly disappeared into the initial news fury. In short, the New York Times said, “Criminals gained access to certain files in the company’s system from mid-May to July by exploiting a weak point in website software.”
From the Equifax disaster, here are two things to point out that show how your weaknesses define the strength of your cyber security.
- It took the company weeks to realize the hack happened. Here’s the timeline. Hackers gained access to the data in May 2017. Equifax discovered the breach on July 29. The company announced it to the public on September 7. Hackers had access to do whatever they felt like with a ton of sensitive data for more than a month! Equifax didn’t have a clue. Then, when Equifax finally found out, it took the company over another month to tell the public. Why? Was it working on a scheme to try and save the company’s reputation? Was it unable to figure out what data was compromised? Did employees not know how to shut down the access and waited to figure that out? Who knows. But we do know that this points a whole lot of fingers at structurally unsound security.
- Equifax didn’t respond to previous breaches. A little further into the details of the New York Times’ reporting, it turns out that Equifax was hacked in 2016, as well. At that time, cybercriminals stole W-2 and salary data from the company’s website. And then (because that’s not enough to warn the company about some major issues with data protection), it was hacked again in early 2017 through a subsidiary. Thieves stole additional W-2s at that time. Equifax failed in so many ways, such as not fixing website security flaws as soon as weaknesses were exploited and neglecting to set up multiple layers of control for online accessible information. The truth is, every company is vulnerable in some way. Cyber security must be ongoing and evolving actions. Businesses and individuals must be vigilant in constantly reviewing procedures, logging access, securing networks, training individuals, and reviewing disaster recovery plans.
Businesses that suffer a data breach must deal with the ramifications for many years to come! Most businesses don’t survive and end up going out of business themselves. Join our next webinar to learn how your business computers and servers can be made to withstand the next attack – now and in the future. www.AppGuard-Demonstration.com