Equifax Learns a $Billion Lesson

On Thursday, September 7th, Equifax, one of the three major consumer credit reporting agencies, announced that hackers gained access to company data that impacts 143 million customers.  The compromised information includes Social Security numbers and driver’s license numbers.  Days after the breach was announced, Equifax’s stock was down more than 12%.  This is more than a billion dollars in lost shareholder value.

 

Thieves are already using the stolen data

After the Equifax breach, reports show a spike in credit card fraud.  The credit monitoring company first learned of the breach in July, but it was not made public until now.  Liron Damri, co-founder of Forter, a fraud prevention service for online retailers, said he saw a 15 percent increase in the overall fraud attempts in their system in August, which is an unusual time of year to see such a spike.  Damri believes the thieves sold the financial information to turn a quick profit once they realized they were caught.

No such thing as bad publicity, but this is the exception!

Most of the articles written about the Equifax breach also talk about other famous breaches such as the Yahoo and Sony breaches.  According to The Economist, this sort of brand damage is long lasting when it comes to large established brands.  This sort of attention has caused customers to stop doing business with the breached companies.  Customers who have had their identities stolen have a much longer memory.  The lost revenue and bad publicity associated with a breach are often feared more than the cost associated with the loss of the stolen data.  For this reason, companies try to keep breaches secret for as long as possible.

“There are only two types of companies: Those that have been hacked and those that will be hacked.”

Robert S. Mueller, III, Former FBI Director 

Recent cybersecurity news is all about the latest ransomware, malware, or password phishing breach.  These events tend to get the focus, but I think this is equivalent to chasing yesterday’s news; they are lagging indicators.  Recent events have proven a determined hacker can and will breach your network.  Even with the most advanced cybersecurity in place to protect your network at the perimeter, you are still susceptible to low-tech phishing scams.  This is because the human element will be a factor until the day machines take our jobs.

What does an attacker want to do once a breach starts?

An attacker wants to spread the breach to as many systems as possible, and the best way to do this is through the theft of credentials.  Attackers typically use stolen credentials to spread the initial breach to critical system infrastructure.  This allows an attacker to access machines that would otherwise have been immune to the initial method of attack, such as malware, ransomware, phishing and so on.

Once inside, the outsider becomes an insider

The average breach goes undetected for more than 90 days.  Once inside your internal system, with access to your trusted credentials, an attacker looks just like a trusted insider.  A cybercriminal wants to go undetected for as long as possible so they can extend their reach to more systems, gain more access, and steal as much of your data as possible.  The bad guys use the stolen credentials not only to reach new systems, but also to impersonate insiders and hide their activity by encrypting it.

Victim or not?  The choice is yours

You do not need to be the next Equifax, Yahoo, or Sony.  Instead, limit the reach of any potential breach to only the machine that was compromised.  There are countless small breaches that do not make headlines because the initial breach was contained with proper control of credentials and monitoring of trusted access.

 Take inventory of complicated SSH trust maps with SSH Universal Key Manager.  This is imperative to limit the spread of any potential breach, no matter how the breach started.

 Control and monitor encrypted access with CryptoAuditor.  Once inside your network, an attacker looks just like a trusted insider.  To protect yourself you need to monitor encrypted traffic and implement proper third-party access controls with CryptoAuditor.

 The future of access control will not include passwords, long-term credentials, or agents on servers.  PrivX On-Demand Access Manager helps eliminate passwords, credentials, and agents on servers.  Enter the future of access control now for new DevOps and cloud environments or transition to the future with SSH Universal Key Manager and PrivX. 

This is a Security Bloggers Network syndicated blog post authored by John Walsh. Read the original post at: SSH Blog