Equifax will be a hot topic for days to come as the forensic investigation concludes and more details are released. Much will be discussed about the need for more stringent security practices, redoubling efforts to maintain good patch management, access control and detection around web applications and understanding just who was behind this most recent breach.
But there’s a side that’s often overlooked during a breach: the individuals now at the mercy of malicious actors.
The Human Impact of a Breach
In a business context, it’s easy to focus on the specifics of a breach – who the threat actor was, how it happened, the potential damage to the company and its brand. But what we as security practitioners must also keep in mind is the impact on the individuals who are ultimately affected when data is stolen.
Threat actors compromised an environment for nearly two months, accessing PII for an estimated 143 million Americans, which translates to nearly half of the U.S. population. Some UK and Canadian citizens were also victimized; however, exact numbers have not been provided. The odds of being affected are exceptionally high for each of us.
Even more troubling is that many victims of this breach may be unaware that their information has been stolen because credit agencies hold our PII data from other parties that we do business with every day.
It can’t be said enough – the scale of this exposure is massive. Nearly half of our friends, neighbors, colleagues and family members are now more susceptible to cybercrime. As cyber security professionals, we have a responsibility to not only protect our companies but also the customers who entrust us with their irreplaceable personal data.
What We Know
Reportedly, the attack vector was a website vulnerability. We come across this time and again. Websites can be ripe for SQL injection and cross-site scripting (XSS) and, most often, are exploited by way of unpatched applications. This investigation should reveal the exact tactics these threat actors used to gain entry and move through Equifax’s environment. However, this breach should serve as a reminder of the importance of maintaining strong practices around patch management and access control, as well as applying segmentation to prevent lateral movement from web servers.
Compromising a major credit reporting entity is a data gold mine for threat actors. Most of us have applied for credit at some point through one entity or another. This represents a shift that shouldn’t be ignored. Threat actors continue to get bolder – going after large, well-financed companies with huge buckets of data instead of relying on tactics against individuals and smaller institutions.
In addition, this hack shows that even the most sophisticated organizations that have made substantial investments in security are perpetually at risk. If this doesn’t serve as a serious wakeup call for heightened security awareness across industries, I’m not sure what will.
Regardless of emerging details, one thing is certain: big companies will continue to be the ones that make headlines when breaches occur, but the millions of people affected will ultimately suffer the most as their information is potentially traded or sold on the Dark Web.
Armor has always looked at safeguarding businesses and their customers as our highest calling. We are constantly monitoring our customers’ environments to detect and mitigate threats. Our rigid policies for real-time patches and system updates, in concert with proven threat intelligence, position those under our care at a distinct advantage to thwart potential compromises that can lead to more catastrophic situations.
The primary takeaway, in this case, is that organizations entrusted with PII are more obligated than ever to ensure that security controls are diligently maintained and that websites and networks are analyzed to prevent and monitor for compromise.
For consumers, it will be essential to monitor credit card charges and other financial transactions to ensure that their PII is not being exploited. Unfortunately, this will be the case for quite some time. Maybe even for many of us in the cyber security business.
As this breach unfolds, our cyber security experts will continue to closely monitor the situation and provide updates as information becomes available. We’re advising our customers, and all organizations that handle PII, to remain vigilant with security processes. Our responsibility to our customers is greater than ever. As this incident demonstrates, the only thing evolving faster than threat actors’ tactics is their ambition for bigger targets.
Be sure to check back on the Armor blog as we continue to track this breach.