United States Senate Permanent Subcommittee on Investigations recently published a report titled “How Equifax neglected cybersecurity and suffered a devastating data breach“. It details out what aspects contributed to the data breach at Equifax and how Equifax’s competitors (TransUnion and Experian) were able to successfully mitigate the threat. The report is around 71 pages long and if you happen to have the time, I would certainly recommend going through it. However, this blog tries to capture the key findings from the report and translates these into lessons to avoid a similar incident.

Here is some background context (skip this part if you know about what happened at Equifax)

[Given the press that the incident has received, I doubt there will be many people reading this section at all but nonetheless]

On September 7, 2017, Equifax announced that it had suffered a data breach impacting over 145 million Americans. A vulnerability in Apache Struts – a widely used web application development software – facilitated the breach. The hackers who exploited this vulnerability were able to gain access to the Equifax online dispute portal and then other internal company databases.

What went wrong at Equifax:

What worked well for Equifax competitors (TransUnion and Experian):

Key lessons:

ThreatWatch collects cutting edge vulnerabilities being reported in the wild using AI algorithms running 24×7. It integrates with your asset inventory system to provide continuous and proactive vulnerability assessment for your assets in near real-time. With ThreatWatch’s revolutionary no scan zero touch approach, there is no need for scheduled scans anymore. ThreatWatch allows information to be disseminated to the right folks / groups in your organization in an efficient and seamless manner. Also, ThreatWatch provides detailed context around vulnerabilities (as below) to help you make an informed decision:

Contact us for more details on how ThreatWatch can help your organization improve its security posture.

Leave a Reply

Your email address will not be published. Required fields are marked *