How To Protect Your Company From Cyber Attacks
It’s been a little over a year since it was announced that hackers stole the names, Social Security numbers, birth dates, addresses, and in some cases the driver licenses and credit card numbers of nearly 148 million Americans in a massive attack on the credit monitoring company, Equifax. How could a company charged with being a gatekeeper of the credit histories of millions of Americans inadvertently open its gates to credit thieves? It appears that the hack came as a result of security failures on many levels. Failures that every company or business that retains―and therefore is responsible for―customers and employees’ personally identifiable information (PII) should review and remedy, if necessary, within their own organization.
A data breach of this proportion should serve as a warning to all of us. If cybercriminals can attack a gatekeeper like Equifax, they could very well attack other business with relative ease. That’s why the Salt Lake Chamber, through its Cybersecurity Initiative, is working to make cybersecurity top of mind for all Utah businesses. The Chamber’s Cybersecurity Leadership Council has identified four steps that, when implemented, will help enhance a company’s protection and response capabilities to mitigate cyber attacks and intrusions.
Prevention
First and foremost, Equifax’s inability to protect millions of Americans’ PII comes down to the credit agency’s failure to act. In March of 2017, a cybersecurity arm of the US Department of Homeland Security, US-CERT, issued a warning about vulnerabilities in the web application software, Apache Struts. According to Equifax, it notified the company’s systems administrators about the program vulnerability, but the recipient list was outdated and the administrators who would have installed the patch never received the notice.
Aside from failing to patch the vulnerability in the Struts program, Equifax also failed to put security measures in place that would have prevented the hackers from jumping from the insecure, internet-facing systems to backend databases. Don’t let failure to prioritize cybersecurity bring down your business. Come up with a plan to protect your organization’s assets by applying security policies, reviewing and testing access control procedures, training your employees, and developing a incident response plan (IRP).
Detection
Costly delays and crucial errors caused Equifax to remain unprotected from the Apache Struts vulnerability for months. It wasn’t until a week after the warning about the Struts vulnerability that the company ran a series of scans to identify any vulnerable systems, but the scans failed to reveal any problems. On top of that, a digital certificate that was used to authenticate computer servers and systems and inspect network traffic had expired about 10 months before the breach occurred.
Timely detection of a compromised system or device is crucial to properly secure your company from hackers and other cyber threats. Be sure your business or company has a thorough intrusion detection system (IDS) in place. IDS’ take into account known threats and intruder types, methods and processes used and, when necessary, can sound alarms and notifications.
Response
Attempting to come up with a response plan in the middle of a cyber attack is a recipe for disaster. Having a well-established cybersecurity IRP is your organization’s best defense against a breach or cyber attack. This IRP will not only serve as a roadmap for how your business should respond during and after a cybersecurity incident, but it also serves as a proactive plan that can help your organization prevent an attack by monitoring and securing assets.
While Equifax did have an IRP, it was outdated and therefore ineffective. The federal investigation into Equifax’s breach showed portions of the company’s IRP had not been updated in over three years. The National Institute of Standards and Technology (NIST) recommends that cybersecurity IRP should be a living document that is continuously updated so that it remains relevant and effective.
Recovery
Security takes re-evaluation. Following a cybersecurity incident, organizations should review what took place, discuss how it was handled, and make any necessary changes to prevent a similar event from occurring in the future.
According to the GAO report, Equifax is taking steps to remedy the many factors in which it failed by implementing a new management process to identify and patch software vulnerabilities and then confirm the fixes have been made. Equifax also plans to utilize new tools to monitor network traffic and detect any malicious activity.
As the digital world continues to evolve so do threats of cyber attacks; the scope, size, and impact of which also continue to grow. The more connected companies are, and the more collaboration they have with a broader network of partners, the greater the cybersecurity risks become. So while keeping on top of emerging security and privacy threats is challenging, time-consuming and at times expensive, it’s more critical than ever before.
