Cyberlytic news

Detecting security breaches in good time will save the day – Equifax and lessons learnt

You may have heard: 143 million US consumers have potentially been affected by the Equifax data breach. An undisclosed number of UK and Canadian residents have also been affected. It is not the largest breach of all time, but some have deemed it possibly the worst data leak, for a number of reasons.

Hackers exploited a website vulnerability to gain access to files containing personal information. Flaws in Apache Struts, open-source server software, may have led to the breach. The exposed information includes Social Security numbers, birth dates, addresses and full names. This data is all highly valuable to criminals looking to steal identities for fraudulent purposes, such as taking out loans or insurance.

The time it took Equifax to notify the world of this breach was over five weeks, raising questions over the speed of their incident response. Fast, accurate detection of security breaches needs to be key in an organisation of Equifax’s size. This shows that it is not just about resources and security budgets, but how budgets are spent and how security is maintained.

Advanced web threat detection can be achieved through real-time monitoring of traffic, searching for anomalies within it, and a dynamic alerting system. It is not yet clear how Equifax discovered the breach, but it is clear that it took them some time. It’s important for businesses to look beyond the old thinking of network-based perimeters as the be-all and end-all of security. Perimeter security is not enough for securing information and will not protect against web application vulnerabilities.

To spot unusual web interactions, security software should be able to identify abnormal server responses and, in turn, classify web attacks by their level of risk. Depending on the level of risk, security operations should be alerted, removing the treacherous task of going through logs and hundreds of minor attack alerts per day. Prioritising threats by their risk is imperative to defending an organisation from hackers. Without it, security is a guessing game and there is no way to easily cut through the noise.
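The risk-based triage described above, as an added example that is not part of the original article or any vendor's product code: it scores each request by how abnormal the server's response was, sums the scores per client, and alerts only on clients above a threshold. The log records, score weights and thresholds are all constructed assumptions.

```python
import statistics
from collections import defaultdict

# Constructed sample records: (client, path, HTTP status, response bytes).
LOG = [
    ("10.0.0.5", "/account", 200, 5120),
    ("10.0.0.6", "/account", 200, 5090),
    ("10.0.0.7", "/account", 200, 5200),
    ("10.0.0.8", "/account", 200, 5150),
    ("10.0.0.9", "/account", 404, 310),
    ("10.0.0.9", "/account", 500, 900),
    ("10.0.0.9", "/account", 200, 912000),
    ("10.0.0.5", "/login", 200, 1800),
    ("10.0.0.6", "/login", 200, 1810),
    ("10.0.0.7", "/login", 401, 420),
]

def baselines(records):
    """Median size of successful responses per path (robust to outliers)."""
    sizes = defaultdict(list)
    for _, path, status, size in records:
        if status == 200:
            sizes[path].append(size)
    return {path: statistics.median(v) for path, v in sizes.items()}

def score(record, base):
    """Risk points for one request; the weights are assumed, not calibrated."""
    _, path, status, size = record
    points = 0
    if status >= 500:
        points += 2  # server failed while handling the request
    elif status in (401, 403, 404):
        points += 1  # minor on its own: typos, expired sessions, scanners
    if status == 200 and size > 10 * base.get(path, size):
        points += 3  # far more data returned than is normal for this path
    return points

def classify(points):
    return "high" if points >= 3 else "medium" if points == 2 else "low"

def triage(records, alert_at=3):
    """Sum risk per client and return only those worth an alert, worst first."""
    base = baselines(records)
    totals = defaultdict(int)
    for rec in records:
        totals[rec[0]] += score(rec, base)
    ranked = sorted(totals.items(), key=lambda kv: kv[1], reverse=True)
    return [(c, pts, classify(pts)) for c, pts in ranked if pts >= alert_at]

if __name__ == "__main__":
    for client, pts, level in triage(LOG):
        print(f"ALERT {level}: {client} risk={pts}")
```

On the constructed log, the single 401 from an ordinary user stays below the alert threshold, while the client that produced an error followed by an oversized response is raised as one high-risk alert.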

Detection of breaches is taking too long, not just in the case of Equifax but for many companies worldwide. If detection takes place early on, less data is likely to be exposed to attackers. Security professionals know that companies will be attacked and are never 100% protected. Minimising the damage of an attack is what can set breaches apart and it is early detection that leads to a better, more timely response.