The massive Equifax data breaches have been making headlines around the world. What isn’t widely known is that at least two of the three breaches were caused by very simple security oversights.
The worst data breach in history
When the story first broke about the massive data breach impacting 146 million people, speculation about its origin was intense. About a week later it was revealed that Equifax had not applied a critical security patch in a timely manner, which allowed malicious hackers to exploit a serious vulnerability and gain access. Patching is important for two reasons. First, it resolves the security issue. Second, the release of a patch announces the existence of a vulnerability, which is almost an advertisement of how to hack unpatched systems. As a result, unpatched systems present a tremendous liability.
While the news cycle about the original breach at Equifax was building, another damaging breach occurred, this time in Argentina, because Equifax’s database was set up with (presumably default) credentials of admin (for both the username and password). Having an easy-to-guess password assigned to critical systems is extremely dangerous. A determined malicious hacker will have automated techniques at their disposal to guess passwords and gain entry upon successfully authenticating. That means it’s only a matter of time before an organization that uses weak passwords is hacked.
Don’t let it happen to you
These unfortunate oversights were entirely preventable. A third-party audit could have revealed these (and potentially other) oversights by examining Equifax’s systems and networks. Discovering the attack surface (or vulnerable area) on systems and networks is crucial. It allows experts to determine which areas need attention to secure them from attack. For example, there may be unpatched systems or other issues that have gone unnoticed.
Envescent has over 22 years of information and network security experience, helping our clients mitigate risk through comprehensive cybersecurity solutions. We allow our clients to build confidence in their systems and networks by discovering the weak links and improving security from the top down. Our experts also provide training so that our clients can ensure they understand how to protect themselves from the latest threats.
Contact us to learn more about staying safe in an increasingly unsafe digital world.