Hindsight is 20/20. Almost five years ago, Equifax announced that it had been breached and that the sensitive data of over 148 million people, about 56% of Americans — including names, home addresses, social security numbers, driver’s license information, etc. — had been compromised. An additional 209,000 credit card records were leaked as well. While there have been larger-scale attacks since then, the Equifax breach was unprecedented in its time. Rather than simply criticizing, it is worth recognizing that the Equifax breach has taught, and will continue to teach, essential cybersecurity lessons that can help business leaders protect their customers even better moving forward.
So what happened?
As a reminder, in March of 2017, Equifax, one of three major credit reporting agencies (CRAs) in the United States, was informed of a vulnerability in its system that potential hackers could exploit, but the company failed to install the necessary patches. Six months later, in September, it announced that hackers had exploited the vulnerability, leaking massive amounts of sensitive information.
Five years later, a settlement reached with the FTC, the Consumer Financial Protection Bureau and 50 U.S. states and territories has just been finalized. The agreement offers up to $425 million and a free four-year membership in Experian IdentityWorks, which assists with identity theft, to help those affected.
What can be learned from this?
While Equifax knew about the vulnerability, the lack of urgency to install the patches left the company doomed once hackers decided to attack. Cyberattacks are now very common, with a 62% year-over-year increase, yet organizations were previously left with the thought that an attack might not happen to them. With cybercriminals now capable of penetrating 93% of company networks, it is clear not only that organizations are more vulnerable than they probably think, but also that without the proper proactive security measures in place, they could very well be the next victim. It is truly a matter of when, not if.
Proactive versus reactive
A reactive strategy is just what the name suggests: having a plan in place for when something happens. In the world of cybersecurity, this could be insurance, disaster recovery systems or other backup options. While it’s not inherently bad to have those in case you need them, they shouldn’t be your go-to line of defense.
By contrast, taking a proactive approach can spare you a ransomware hangover and its possible consequences: encrypted or lost data, downtime (and the cost associated with it), a damaged reputation and the amount of work it takes to return to business as usual. In the case of Equifax, the breach cost the company all of those and more, with a multimillion-dollar settlement and years of legal fees. Had Equifax taken the proactive opportunity to install the necessary patches, it could have avoided this whole ordeal.
What are my proactive options?
If you haven’t already, there’s no better time to implement a zero trust approach. Since organizations are vulnerable not only to outside hackers, but also to bad actors and insider threats, this approach works just as the name suggests: by default, no one is trusted, regardless of where they stand in a company. Especially as things like ransomware-as-a-service (RaaS) have entered the market, and cybercriminal groups are heavily recruiting from inside their target organizations, trusting no one is really the only option.
Always make sure your vulnerabilities are patched as soon as you’re made aware of them. As mentioned above, cyberattacks are no longer an if, but a when situation. Taking immediate action can spare you the pains that Equifax had to endure.
In addition to implementing a zero trust approach, finding the proper proactive security features can help you protect your organization automatically. With file-based threats on the rise, and with approximately 1 in every 100,000 files containing potentially malicious content that can take up to 18 days to be detected by antivirus software, content disarm and reconstruction (CDR) can be a simple solution. Not only can CDR technology instantly clean and rebuild files to match their ‘known good’ manufacturer’s specification, automatically removing potential cyber threats that could be attached, but it can also help spot zero-day threats that might otherwise go undetected. This strategy ensures that every document is safe without sacrificing productivity or risking the damage threats could do once they’ve entered the system.
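To make the "clean and rebuild" idea concrete, here is a simplified sketch added as an example (not code from this article or from any CDR product): it rebuilds a .docx container from an allow-list of known-good parts and drops everything else, such as an embedded macro project. The allow-list, the function names and the sample document are assumptions constructed for illustration; a production CDR engine validates against the full file-format specification.

```python
import io
import re
import zipfile

# Illustrative allow-list of .docx parts (assumption; a real CDR engine
# validates every part against the full file-format specification).
ALLOWED_PARTS = re.compile(
    r"^(\[Content_Types\]\.xml|_rels/\.rels|docProps/(app|core)\.xml"
    r"|word/(document|styles|settings|fontTable|numbering)\.xml"
    r"|word/_rels/document\.xml\.rels|word/media/[\w.-]+\.(png|jpe?g|gif))$"
)
# Declarations inside kept XML parts that point at active content.
ACTIVE_REFS = re.compile(
    rb"<(?:Relationship|Override)\b[^>]*(?:vbaProject|oleObject|activeX)[^>]*/>",
    re.IGNORECASE,
)

def disarm_docx(data):
    """Rebuild a .docx from allow-listed parts; return (clean_bytes, removed)."""
    removed = []
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            if not ALLOWED_PARTS.match(info.filename):
                removed.append(info.filename)  # unknown or active part: drop it
                continue
            body = src.read(info)
            if info.filename.endswith((".xml", ".rels")):
                body = ACTIVE_REFS.sub(b"", body)  # remove dangling references
            # Write a fresh entry so no original ZIP metadata is carried over.
            dst.writestr(info.filename, body)
    return out.getvalue(), removed

def build_sample():
    """Constructed sample: a minimal macro-enabled document container."""
    parts = {
        "[Content_Types].xml": '<Types><Override PartName="/word/document.xml" ContentType="doc"/>'
                               '<Override PartName="/word/vbaProject.bin" ContentType="vba"/></Types>',
        "word/document.xml": "<w:document><w:body>Quarterly report</w:body></w:document>",
        "word/_rels/document.xml.rels": '<Relationships><Relationship Id="rId1" '
            'Type="http://example.invalid/vbaProject" Target="vbaProject.bin"/></Relationships>',
        "word/vbaProject.bin": b"\xd0\xcf\x11\xe0 constructed placeholder, not a real macro",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in parts.items():
            z.writestr(name, body)
    return buf.getvalue()
```

Because the rebuild keeps only what it recognizes instead of searching for what it knows to be bad, the macro part is dropped without any signature for it.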
While breaches such as Equifax’s could have been prevented, every cyberattack helps others learn how to better protect themselves in the future. Don’t take a passive role in protecting your organization; be ready and proactive, so you’re less likely to deal with the headache that can come along with a breach.