Equifax, one of the three major consumer credit reporting agencies, said on Thursday that hackers had gained access to company data that potentially compromised sensitive information for 143 million American consumers, including Social Security numbers and driver’s license numbers. The attack on the company represents one of the largest breaches of personally sensitive information in recent years and is the third major cybersecurity event for the agency since 2015.
After the incident was discovered, Equifax engaged a leading cybersecurity firm to conduct a comprehensive forensic review to determine the scope of the event. According to this investigation, criminals gained access to certain files in the company’s system from mid-May to July by exploiting a weak point in website software. The company said that it discovered the intrusion on July 29 and has since found no evidence of unauthorized activity on its main consumer or commercial credit reporting databases. The cost of this breach will likely reach into the multiple millions.
Now is the time to protect your organization! Here’s how:
1. Find out where your security gaps are.
A complete security strategy is a composite of people, processes, and technology orchestrated to protect your business and, in many cases, meet government-dictated policy standards. A professional security risk assessment will analyze all three critical areas and evaluate your company’s performance relative to intended company objectives and security best practices. With the information developed from the assessment, you will be able to design strategies to strengthen, reinforce, or modify your security posture in order to anticipate evolving threats and satisfy the present needs of your business.
2. Improve and harden your organization’s security program.
Penetration tests, compromise assessments, and vulnerability assessments should be performed on an ongoing basis. Organizations of every size should regularly check their applications, networks, and systems for vulnerabilities that can allow outsiders to have access to their critical data. They should also assess whether their environment is already compromised if they have not consistently monitored their security program or are planning significant changes to their existing environment.
3. Strengthen your human firewall.
Your users are often the weakest link in your cyber defense program. You must have an integrated, ongoing security awareness training program to make them assets to your security posture rather than liabilities.
4. Monitor your security infrastructure.
You should have security experts maintain vigilant, round-the-clock oversight of your security infrastructure and your critical assets. The quicker you can identify a suspicious actor or event, the better you can prevent or minimize any intended damage.
5. Make sure data is accessible no matter what.
If your defenses are overcome, you must be postured to prevent a disruption of your business operations. A strategic and functional disaster recovery plan formally integrated within your security program will ensure your business and reputation will remain resilient to a malicious cyber event.