Equifax Breach: What does it teach us about IT security?
October 3rd, 2017 by admin
The 2017 Equifax hack is teaching a painful lesson about the necessity of businesses keeping up with software patches for IT security and to avoid catastrophic damage. The hack, which resulted in potentially exposing the financial information necessary to steal a person's identity for 143 million U.S. customers, could have been easily avoided if the company had applied a patch to fix the exploited software vulnerability. This event highlights the importance of patching software in IT security. Applying an update which takes relatively little time can make the difference between business as usual and potentially bankrupting your company.
What Happened?
According to CNN, Equifax failed to apply a software patch to a widely-used tool called Apache Struts, which the company uses for its online dispute portal. The patch in question addressed an established, known security exploit in the software. Running software without applying existing security patches is widely considered the number one biggest cybersecurity risk for both businesses and consumers because hackers know just where to hit.
Hackers took advantage of Equifax's lack of speed in applying the patch and had a two-month window to break through the company's online defenses and steal confidential information. The exact information the hackers stole from each customer varies but included items like Social Security numbers, driver's license numbers, addresses, and birth dates — all of which could be used in identity theft.
Why Should My Business Care?
- A hack can financially destroy your company: According to TechRepublic, Equifax is looking at a $20.2 billion price tag for repairing the hacking damage, which is a full $8.3 billion more than the company's market valuation.
- Lawsuits may follow: As of mid-September 2017, Equifax is facing 23 class action lawsuits over the hack. One of the lawsuits is seeking $70 billion in damages.
- Executives may lose jobs: In the case of Equifax, a CIO and a CSO are retiring or otherwise leaving the company because of the security breach.
Patch Software for IT Security: Current Changes as a Solution
Unfortunately for those looking for a quick fix, the solution doesn't come from the machines, but rather the people who use and maintain them. Major hacks like the one against Equifax are a reminder that businesses need to hold IT staff accountable for patching software: it's not something done when convenient, but on a regular schedule or as soon as possible.
If your business doesn't want to end up like Equifax, your IT staff should make patch implementation a priority. Making security a higher priority means paying closer attention to when your vendors and software providers issue updates. Your staff can ease the process by applying automatic patching whenever possible and picking a light workday to run regular updates on all machines.
The IT consulting experts at ATS can help answer your questions about IT security and how to keep your business safe. Services like desktop support and management emphasize protecting your staff's devices from security threats through regular patch maintenance. Contact us today! We work with businesses in San Francisco, and throughout the East Bay and South Bay.
Posted in: Security