
Two Cybersecurity Takeaways from the Equifax Data Breach


It’s been nearly a week since Equifax went public with knowledge of a massive data breach—perhaps one of the biggest to date. There’s no word yet on who is or isn’t affected, but it’s very likely that 143 million Americans (45% of the U.S. population and 80% of those who have a credit report) are now at risk of identity theft.

What data was compromised? SSNs, birth dates, and addresses for certain, followed by driver’s license and credit card numbers for an unlucky few. The impact this will have on Americans, and even the Britons and Canadians who were affected, is staggering.

Data breaches may be as familiar as breathing by now, but this one’s no drop in the bucket. Equifax’s loss has tremendous implications, prompting questions from consumers around the world: what does it mean for us? What should we be doing to protect our information right now? How can we be sure this won’t happen again in the future?

These are important concerns. Until they’re answered, consumers should take every available precaution, including putting an alert on their credit reports (or freezing them altogether), to limit the damage that could come in the aftermath of this breach.

But these aren’t the only questions we have. If onlooking cybersecurity teams aren’t discussing how the Equifax data breach stands to change the way we view our security practices, it might be time to kickstart that conversation—preferably before the next shattering data breach.

Here’s what we think are the most important takeaways from this event.

We Need Better Security and Encryption Practices

Equifax may not have kept consumer information properly secured

It’s one thing to have a data breach. It’s another thing to have an unencrypted data breach, and unfortunately, Equifax (as of September 13th, 2017) has yet to clarify whether the compromised database was encrypted at rest. If it was, America’s mass panic might temper a little. Hackers need access to the encryption keys in order to read and use the information they stole. Without those keys, the data is virtually useless.

Others are also unsure whether or not proper encryption was used. This article from The Street, an American financial news and services website, reports: “While Equifax has not revealed the specifics of the hack, either the databases were not encrypted or the ‘application vulnerability that was exploited provided authorized access to the data in an unencrypted state,’ said Nathan Wenzler, chief security strategist at AsTech, a San Francisco-based security consulting company.” Outlets like ABC News and several security experts in the industry hold the same uncertainties.

Until Equifax clarifies the security status of what was stolen, everyone should operate under the assumption that their personal data (Social Security numbers, addresses, birth dates, etc.) wasn’t secure, and take proper steps to reduce the risk of identity theft.

Are you worried your data was affected? Follow recommendations provided by the FTC on their website.

No matter what statements are released in upcoming days, weeks, and months, it’s clear we need to scrutinize the way organizations encrypt sensitive information. Perhaps it’s time to look closely at our current business processes and develop better cybersecurity practices.

What do we hope to see in the aftermath of this breach?

  • Companies using strong encryption and network monitoring software
  • Encrypted data in transit and at rest. Always. No exceptions
  • Mandatory multi-factor authentication (MFA) for user access
  • Better use of alerts when faced with strange activity (or an unusually high volume of normal activity)
  • Frequent security audits and employee training sessions
  • Monthly identification of unusual network devices, applications, or connections that could allow hackers to exploit a backend database or unchecked website vulnerability

The Equifax data breach has brought the issue of cybersecurity to light for many onlookers: companies, security professionals, public consumers. Since Equifax fell short on their promise to protect the data they collect, we’ll probably see updates to the way the industry enforces encryption and security in the near future.

We Need to Remember that Customers are Real People

Equifax has not explained how they will prevent future breaches

In the days following the breach, Equifax has been hesitant to discuss details about the incident, leaving people to wonder what steps they’ll take to secure their data now or how they’ll anticipate and prevent future attacks. How, exactly, did the breach happen? Who, exactly, is at risk? What, exactly, will happen to consumers who are affected?

This brings up the final change we hope to see in the future: organizations taking cybersecurity practices seriously. In a rush of business decisions and company goals, it can be easy to tick security off a long list of to-dos or see a data breach as a blow to financial numbers and incoming sales.

But who really hurts from ignoring good cybersecurity policies? People. Individuals and families who, impacted by the exposure of their personal data, may struggle to rebuild their finances and identity. They trust organizations like Equifax, Verizon, Google, and Chipotle to secure their information.

And with each data breach, organizations are failing to make good on that trust.

The industry’s view of customers, clients, and consumers needs to shift if we’re ever going to seriously prevent the next onset of cyberattacks. Their data should be treated as sacred, not just a row in a database. The potential lasting impact for each person affected by a breach is far too great to think otherwise.

If we choose to learn from the mistakes of modern data breaches, we might, just might, chart a different course for cybersecurity.

If we don’t? Nothing will ever change.

How do you envision this breach impacting the future of cybersecurity? Share your takeaways in the comments below.
