On March 14th, 2017, Equifax discovered an exploit that allowed malicious code to execute within an XML request submitted in a user field, fully unrestricted. Soon after the exploit was discovered, Equifax added new preventative rules to their intrusion prevention system to not only detect vulnerabilities but also to see if they could be exploited.
Sounds like the right approach to IT security, right? Not quite. One of their major oversights was that they did not have an effective asset inventory, and as a result, they were not able to realize nor detect the vulnerable version of Apache Struts that had been lurking in their network for months.
On September 7th, 2017, almost six months after they discovered the exploit, Equifax suffered a significant data breach from an open-source vulnerability within the Apache Struts framework. This breach cost Equifax over $600 million in monetary losses, with only $125 million covered by “breach” insurance.
This Equifax fail is a great example of what can happen when you don’t have a comprehensive asset inventory/management program in place. With cybersecurity incidents at an all-time high, it’s crucial, now more than ever, for any size business to have a full understanding of all IT assets in their environment.
Although there are many lessons to be learned from the Equifax data breach that can help you on the road to strengthening your IT security program, here are our top three takeaways.
- You can’t effectively protect your network if you don’t have the full picture of what you’re protecting. Being able to accurately locate and isolate any given piece of vulnerable hardware or software is crucial for managing legal, security, and business risks.
- An effective SAM process allows you to take corrective action as soon as possible. When vulnerabilities are detected, an automated SAM process allows you to quickly tie software solutions and hardware (like laptops, servers, networking equipment, etc.) to user accounts. This will ensure that no active vulnerabilities go unnoticed or unpatched.
- Make sure your company’s IT security is up to industry standards. Standards, like ISO and NIST, are your “true” points of reference when it comes to securing your company’s assets. Routinely checking to ensure you IT processes comply with at least one of these standards will help you stay on the right track or help you make any necessary corrections.
Remembering these three simple lessons when building your IT security processes will help ensure that your security asset management program is built on a solid foundation. At the end of the day, the most important lesson learned from the Equifax breach is that not having enough visibility and awareness into general inventory and IT processes can transform a simple patch update and turn it into a multi-million-dollar loss within a few months time. In short, visibility and awareness are the keys to guarding yourself against major problems.
How can we help?
Anglepoint has various services to help your organization implement and maintain a successful IT security program. If you would like any guidance or support, please reach out to us and schedule a time to talk with one of our IT security experts.