The Equifax Breach – Constant Surveillance is Key
- Attackers gained access initially via a vulnerability in the consumer complaint web portal. The vulnerability was supposed to be patched out, but due to negligence in the internal processes, wasn’t.
- As systems weren’t adequately segmented from one another, attackers were able to move from the web portal to other servers and were able to find usernames and passwords stored in plain text, allowing them to further access other systems.
- Equifax had crucially failed to renew an encryption certificate on one of their internal security tools. As a result, attackers were able to pull data out of the network undetected for months.
- On March 15, Equifax’s IT department apparently ran a series of scans aimed at identifying vulnerabilities and unpatched systems; however, none of the vulnerable systems were flagged or patched.
- Constant updates and consistent monitoring
There is a need for staff to constantly communicate with data systems and monitor for anomalies and vulnerabilities. Constant updates of the systems and a functioning software to conduct vulnerability assessments are also essential.
- Importance of Agile Methodology in frameworks and processes
Agile methodology should be adopted in internal processes. Agile methodology emphasizes adaptiveness, collaboration, flexibility, continuous improvement, and high-quality results. Some of its best practices include:
- User Stories – A tool used to explain a software feature from an end-user perspective, it helps to create a simplified description of a requirement by picturing the type of user of the product, what they want, and the reason(s) for it. For instance: As a [role], I want [feature], because [reason].
- Automated Tests – Performing automated tests keeps the team informed about which of the code changes are acceptable, and whether or not a functionality is working as planned.
- Continuous Integration – It involves keeping the code up to date by producing a clean build of the system few times per day. With a rule stating that programmers never leave anything unintegrated at the end of the day, it enables the delivery of a product version suitable for release at any moment.
- Importance of implementing an incident response plan and disaster recovery plan
In the unfortunate event that a breach occurs, implementing an incident response and disaster recovery plan is essential. This ensures that the organization and all its employees are prepared to respond swiftly and recover quickly. It is crucial to contain the breach, isolate it, prevent attackers from assessing other parts of the system to prevent further leaks of data and mitigate the damage done.
Aftermath 2 Years On
Enjoyed this article? Curious to find out how you can better protect your organization, data systems and critical accounts in the event of a cyber attack? Contact us now for an in-depth consultation to obtain cyber security measures best tailored for your needs. MWG team will work with your employees, train them in cyber security awareness and guide them in adopting the appropriate cyber security skills in their work processes.