So once again a large data breach has happened. Millions of people's personal data have been compromised as part of the recent Equifax data breach, and we are once again scrambling to right our personal ships. You should know that if you are a US adult there is roughly a 60% chance that your data is in the possession of someone who wants to open credit cards in your name, which has the potential to wreak significant financial harm on you.
What do we know about the causes of the Equifax breach? We are learning that there was a known vulnerability in Apache Struts (CVE-2017-5638) and that default passwords were still enabled on some systems. These indicators were known for some time: a patch for the Apache Struts framework, where the vulnerability existed, had been available for months, yet no action was taken. I've been in the IT industry for 20 years, either in network/server operations or security roles, and ignoring things like basic patching has been going on for years. I don't understand how companies let this continue to happen. It's possible the Equifax breach could have been avoided by simple technical blocking and tackling, or in other words PATCHING!!
In this day and age, there's no excuse not to patch your systems as soon as a security patch is available. There are multiple tools to automate software updates and keep systems up to date with all the latest patches. All too often we hear "if it's not broke, why fix it", or "we can't patch those systems or they won't be compliant", and sometimes even "our policy is to patch only once a year". Even worse is the idea that we may know about a vulnerability, and know that a patch exists, but simply ignore it. This was the case in the most recent incident at Equifax.
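You cannot patch what you have not inventoried, and the Struts flaw is a good illustration because the fix is a jar version number. The script below is an added example written for this post, not code from Equifax or the Apache project: it takes a list of file paths (here a constructed inventory, as if produced by `find` on a few application servers) and classifies every `struts2-core` jar against the versions in which Apache shipped the fix for CVE-2017-5638 (2.3.32 and 2.5.10.1; affected releases are 2.3.5 through 2.3.31 and 2.5 through 2.5.10). The host paths are made up; the version ranges are the published ones.

```python
import re

# Ranges still exposed to CVE-2017-5638, as [first affected, first fixed).
# Apache fixed the 2.3 line in 2.3.32 and the 2.5 line in 2.5.10.1.
VULNERABLE_RANGES = [
    ((2, 3, 5), (2, 3, 32)),
    ((2, 5), (2, 5, 10, 1)),
]

# Matches the core jar's file name, e.g. struts2-core-2.5.10.1.jar
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)+)\.jar$")


def parse_version(text):
    """'2.3.31' -> (2, 3, 31); tuples compare element-wise, which is exactly
    the ordering a version comparison needs ((2, 5) < (2, 5, 10, 1))."""
    return tuple(int(part) for part in text.split("."))


def struts_version(path):
    """Return the version tuple of a struts2-core jar path, or None otherwise."""
    filename = re.split(r"[\\/]", path)[-1]          # tolerate Windows paths too
    match = JAR_RE.search(filename)
    return parse_version(match.group(1)) if match else None


def is_vulnerable(version):
    """True if the version lies inside a range the fix has not reached."""
    return any(start <= version < fixed for start, fixed in VULNERABLE_RANGES)


def scan(paths):
    """Classify every Struts core jar in an inventory of file paths.

    Returns (path, version string, vulnerable?) tuples so the result can feed
    a ticket queue, a dashboard or a build gate.
    """
    findings = []
    for path in paths:
        version = struts_version(path)
        if version is None:
            continue                                  # not a Struts core jar
        findings.append((path, ".".join(map(str, version)), is_vulnerable(version)))
    return findings


# Constructed sample inventory (hypothetical hosts and applications).
SAMPLE_PATHS = [
    "/opt/tomcat/webapps/dispute-portal/WEB-INF/lib/struts2-core-2.3.31.jar",
    "/opt/tomcat/webapps/dispute-portal/WEB-INF/lib/commons-lang3-3.5.jar",
    "/srv/apps/billing/WEB-INF/lib/struts2-core-2.5.10.jar",
    "/srv/apps/billing-new/WEB-INF/lib/struts2-core-2.5.10.1.jar",
    "/srv/apps/legacy/WEB-INF/lib/struts2-core-2.3.32.jar",
]

if __name__ == "__main__":
    for path, version, vulnerable in scan(SAMPLE_PATHS):
        print(("VULNERABLE" if vulnerable else "ok        "), version, path)
```

Feed it the real output of `find / -name 'struts2-core-*.jar'` from each server and the first line of the report is your patch list. The same shape of check (inventory, compare against first-fixed version, act) is what a patch management tool does for the operating system; the application layer is where it is usually missing.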
Beyond basic patching, you can take another giant step toward protecting your systems by disrupting the kill chain where it depends on DNS. Most malware must dial home to command and control (C&C) servers to get instructions, and it usually finds those servers by resolving a domain name. If you could stop that lookup from succeeding, why wouldn't you? Yet IT professionals seem to be either ignoring or unaware of the fact that DNS can play a larger role in protecting their infrastructure. Additionally, infrastructure protection systems can monitor and report on systems that still carry factory default login credentials (among other things), which appears to have been the case in the most recent Equifax breach.
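Here is what "disrupting the kill chain at DNS" looks like in practice, as an added example written for this post rather than code from any product mentioned here. It runs a small blocklist of C&C domains (constructed for the example; in production this comes from a threat intelligence feed or a response policy zone on the resolver) over a few constructed resolver query log lines, reports which internal clients are beaconing, and shows the answer a blocking resolver would give instead of the real address. The log format, the client addresses, the domains and the sinkhole address are all assumptions.

```python
import re
from collections import defaultdict

# Constructed blocklist of known C&C domains (hypothetical names).
BLOCKLIST = {
    "malware-c2.example",
    "update-check.badcdn.test",
}

# Constructed resolver query log. The line format (timestamp, client, name,
# record type) is assumed for the example, not taken from a real product.
SAMPLE_LOG = """\
2017-09-08T10:15:02Z client=10.0.4.17 query=www.example.com type=A
2017-09-08T10:15:03Z client=10.0.4.17 query=beacon.malware-c2.example type=A
2017-09-08T10:15:08Z client=10.0.4.17 query=beacon.malware-c2.example type=A
2017-09-08T10:15:13Z client=10.0.4.17 query=beacon.malware-c2.example type=A
2017-09-08T10:16:40Z client=10.0.7.22 query=update-check.badcdn.test type=TXT
2017-09-08T10:17:01Z client=10.0.9.5 query=mail.example.net type=MX
2017-09-08T10:17:05Z client=10.0.9.5 query=notmalware-c2.example type=A
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) query=(?P<name>\S+) type=(?P<qtype>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or None if it does not match the format."""
    match = LINE_RE.match(line.strip())
    if not match:
        return None
    record = match.groupdict()
    record["name"] = record["name"].rstrip(".").lower()   # normalise the FQDN
    return record


def is_blocked(name, blocklist=BLOCKLIST):
    """Match the name or any parent domain on label boundaries.

    A substring test would wrongly flag 'notmalware-c2.example'; walking the
    label suffixes catches 'beacon.malware-c2.example' without that mistake.
    """
    labels = name.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def find_c2_lookups(log_text, blocklist=BLOCKLIST):
    """Return {client: [(timestamp, name), ...]} for every blocked lookup.

    Repeated lookups from one client at short, regular intervals are the
    beaconing pattern an analyst wants to see grouped per host.
    """
    hits = defaultdict(list)
    for line in log_text.splitlines():
        record = parse_line(line)
        if record and is_blocked(record["name"], blocklist):
            hits[record["client"]].append((record["ts"], record["name"]))
    return dict(hits)


def sinkhole_response(name, blocklist=BLOCKLIST, sinkhole_ip="10.255.255.1"):
    """The answer a blocking resolver returns: the sinkhole address for a
    blocked name (so the beacon lands on a host we control and can watch),
    or None meaning 'resolve normally'. The sinkhole address is made up."""
    return sinkhole_ip if is_blocked(name, blocklist) else None


if __name__ == "__main__":
    for client, lookups in find_c2_lookups(SAMPLE_LOG).items():
        print(f"{client}: {len(lookups)} blocked lookups, first {lookups[0]}")
```

Two design points matter more than the code. First, match on label boundaries, not substrings, or a blocklist entry will both miss subdomains and generate false positives on look-alike names. Second, sinkhole rather than simply refuse: an NXDOMAIN tells you nothing further, while a beacon that connects to a sinkhole you log tells you which host is infected and how often it calls home.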
We need to take steps as a digital society to be more conscientious about the data we store on our systems; it is literally people's lives. Take the time and care to proactively protect this precious data, and push back on those who would say we have enough protection in place. We need to be actively pushing our vendors not only for timely patching but to provide expertise on how to use every network security facet of the solutions they provide. We need to ask ourselves and our vendors whether the issues they are seeing can be used to notify other systems of those same issues, creating a vast ecosystem of shared data that can make us more efficient and secure.
As the world moves toward cloud-based services and SaaS solutions, are we doing our best to protect our data in the "cloud"? We should work in lockstep with the vendors that are assisting us with those solutions to ensure that security stays at the forefront. We cannot assume that things are secure or that we will not be targeted.
In the end, if a breach does occur, are you ready for it? Do you have the teams and processes in place to deal with such an event? Have you worked with your vendors to come up with a cybersecurity disaster recovery game plan? If you are contacted by a nefarious party that threatens your business, do you know what steps you need to take to protect yourself, and whom you should contact (FBI, local police, etc.)? We must be working as a community to proactively mitigate these issues, and when necessary, react with swift action.
So, what can you do about this? It's simple really: we need to monitor and protect our data and infrastructure, mitigate malware and contain threats. There are many ways to do this; I'll break those items down in a future blog.