A number is just a number unless we put it into perspective. How much really is 143 million people? The population of the United Kingdom is around 66 million, and the population of Russia is around 146 million. The population of the United States is 325 million, so the Equifax data breach has potentially impacted more people than live in the United Kingdom, and almost half of the population of the United States. Let’s take a deep breath and soak in these astonishing numbers.
Equifax is one of the largest credit reporting agencies in America. On the afternoon of September 7th, the company announced that important information had been stolen in a massive breach. Apparently, the breach was discovered on July 29th, but it took over a month to announce the incident to the general public. Hackers breached sensitive files and helped themselves to a large amount of personal information, including names, dates of birth, Social Security numbers and addresses. Even worse, the company has reported that an additional 209,000 actual credit card numbers might be circulating on the Dark Web as we speak.
What makes this different from other data breaches is the large amount of sensitive data left vulnerable. We’re talking credit card details, e-mails and Social Security numbers. The hackers reportedly accessed the information through a security flaw on the Equifax website. This information could potentially be abused by criminals taking out new loans or issuing new credit cards with the stolen credentials.
What can we learn from this massive data breach?
In addition to the number of people affected, the Equifax breach stands out for the amount of time company officials took to report it to the general public. It took over a month, and many employees didn’t know about the incident even days after the event occurred. However, a few senior executives did know of the breach, as was seen when they sold $1.8 million worth of shares days after. That important information didn’t seem to get very far. When events like this occur, companies need to lean into the problem and not be afraid to report the incident. It’s time to put aside the brand image and own up to the mistake. Much can be learned from system vulnerabilities, and when that information is shared freely, other companies can quickly look for the same vulnerabilities in their own networks.
Further, the attackers got in through a weak link in the website, which tells us that Equifax was putting its data on unsecured endpoints. Rick McElroy from ITSecurityGuru.org sums this up nicely:
“Too many times when it comes to data protection we focus too often on the network and not enough on the data. When we do focus on the data, we focus on malware and not enough on attacks. Attackers will use any and all methods they can (typically the cheapest and fastest) to gain access. You need solutions that provide the full end-to-end picture of an attack.”
He goes on to say that visibility is key to detecting a threat or breach quickly and taking care of it quickly.
“You cannot detect what you cannot see. It’s that simple. You need the right data to detect and prevent these types of attacks. Without it, what shot do you have? If you don’t have it, go get it. Remember, you are operating as if you are already breached.”
To act on this last point, you need data, and lots of it. You don’t only need the data; you also need to be able to analyze it effectively to look for patterns of inconsistency. With this, you can establish a ‘normal’ baseline of behavior for company systems, data and employees. Teramind offers the opportunity to do this through effective employee monitoring and insider threat services.
There you have it: the Equifax data breach is the latest in a year of data breaches. As the story unfolds, we’ll continue to offer solutions and analysis on the subject. Right now, Equifax has set up a website dedicated to the data breach that further explains the situation, answers questions, and offers free credit monitoring services and more. However, go at your own risk. The website again asks you to enter sensitive information.