How Equifax suffered one of the biggest cyber breaches in history

by Giulia Foss | 21 Sep 2017

The Equifax breach has not simply been the talk of the cyber security community; it has been discussed globally across multiple forums, hitting multiple headlines and ultimately affecting millions of people.

The breach is purported to be one of the biggest and worst in history, with the data of more than 143 million US customers and over 400,000 UK customers hacked. With the sheer magnitude of this attack, it stands to reason that the attention it has gained has been seismic.

The question is, what went wrong, and how could a company of such epic proportions suffer such an epic failure?

It’s not the first time

Although the publicity around the May breach has been huge, Equifax had experienced an earlier breach in March, which was only truly brought to light following a report by Bloomberg. This would appear to be an indication that Equifax already had gaps in their security that were open to exploitation. However, the company’s most recent statement regarding these incidents does appear to dispel the idea that there was an ongoing systematic vulnerability: “The March event reported by Bloomberg is not related to the criminal hacking that was discovered on 29 July,” Equifax’s statement continues. “Mandiant has investigated both events and found no evidence that these two separate events or the attackers were related. The criminal hacking that was discovered on 29 July did not affect the customer databases hosted by the Equifax business unit that was the subject of the March event.”

According to the FBI, since January 1, 2016, more than 4,000 ransomware attacks have occurred daily on average. This is a 300 percent increase from 2015, when 1,000 attacks occurred daily. These figures paint a stark picture of the current climate: companies are under attack more than ever, and disruptors range from the rudimentary hacker working alone from a bedroom through to criminal networks operating at a high level. The vast increase in attacks also demonstrates another important shift: rather than directing attacks at specific entities (which of course does happen), the vast majority of hackers play a game of odds. Hackers know that if they perpetrate enough attacks at random, at least one will succeed due to a weakness or gap. Once a weakness is discovered, the result can often be catastrophic for the company on the receiving end.

The importance of patch work…

With increasingly sophisticated attacks on the rise, the ability to quickly mitigate network vulnerabilities is imperative. If left undetected, vulnerabilities pose a serious security threat to customers by leaving flaws available for criminals to exploit. And this is where Equifax fell down. Days after the breach was leaked to the wider public, a discovery was made that Equifax’s Apache software was missing a vital patch. The result of this oversight has had wide-ranging implications, not simply for the customers whose data was breached, but also for Equifax’s chief information officer and chief security officer. Both parties were made to leave the company with immediate effect. Although swift action was taken against the employees, Equifax said its security officials were “aware of this vulnerability at that time, and took efforts to identify and to patch any vulnerable systems in the company’s IT infrastructure”.

What now?

The proliferation of cyber attacks means that events like this will become more and more common. Many companies are doing what they think is right in order to keep the risk of a breach at bay, employing people that can fulfil the relevant roles, such as CIOs and CISOs. This is one measure against a complex and multi-layered threat. Without looking at cyber security holistically and taking into consideration technological infrastructure, systems software and culture, the battle is lost. The job is an immense and wide-ranging one, and having a handful of people take on a mammoth task is tantamount to using a teacup to empty a sinking ship. It takes time and money to be safe in this day and age, but not taking cyber security seriously is far more costly.

How could Equifax have avoided this hit?

With workloads increasing for IT departments globally, something has to give! Managing the day to day whilst keeping a meticulous eye on multiple networks being attacked numerous times is an impossible feat. The reality is many companies are now looking at Managed Security Services, combining a mixture of cyber security experts constantly monitoring client networks, aided by cutting-edge software. If Equifax were to successfully evade this kind of attack, they would need dedicated resources focused on monitoring their networks 24/7, 365 days a year.

Managed Services teams can provide this level of service. They focus on known security problems such as unpatched, insecure or poorly configured software, open TCP ports, etc.

The benefits of this kind of service are immeasurable, allowing clients to:

  • Keep up with software patches.
  • Gain and maintain full awareness of critical assets.
  • Identify which assets are vulnerable when doing incident response.
  • Have vulnerabilities requiring immediate attention flagged.
  • Ultimately mitigate their risks.

If you’re worried about the increasing risks posed by cyber threats, we’re here to help. With dedicated managed security services looking after some of the country’s most important networks, including the public sector, we are best placed to protect you against the ever-growing risks posed by cyber-attacks.

If you would like to discuss your cyber security readiness contact us on info@cnsgroup.co.uk or call 0207 592 8800
