Written By Dr Al Hartmann And Presented By Chuck Leaver
The following headline struck the news last week on September 7, 2017:
Equifax Inc. today announced a cyber security occurrence possibly impacting around 143 million U.S. consumers. Criminals exploited a U.S. site application vulnerability to access certain files. Based on the business’s examination, the unapproved access occurred from mid-May through July 2017.
Lessons from Past Data Breaches
If you like your job, value your role, and want to keep it, then do not leave the door ajar for adversaries. A significant data breach often begins with an unpatched vulnerability that is easily exploitable. Then the inevitable happens: the cyber criminals are inside your defenses, the crown jewels have left the building, the press releases fly, costly consultants and outside legal counsel rack up billable hours, regulators descend, lawsuits are flung, and you have “some serious ‘splainin’ to do”!
We don’t know yet whether the head ‘splainer in the current Equifax breach will survive, as he is still in ‘splainin’ mode, asserting that the intrusion began with the exploitation of an application vulnerability.
In such cases the usual rhumba line of resignations is – CISO first, followed by CIO, followed by CEO, followed by a board of directors shakeup (especially the audit and corporate responsibility committees). Do not let this happen to your career!
Actions to Take Immediately
There are some commonsense steps to take to avoid the otherwise inevitable breach catastrophe resulting from unpatched vulnerabilities:
Take stock – Inventory all data and system assets and map your network topology, attached devices, and open ports. Know your network, its segmentation, what devices are attached, what those devices are running, what vulnerabilities those systems and apps expose, what data assets they access, the sensitivity of those assets, what defenses are layered around those assets, and what checks are in place along all potential access paths.
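The inventory the paragraph above calls for is only useful if it is joined together: installed software versus known-unpatched versions, exposure (internet-facing or internal), the sensitivity of the data each system touches, and the compensating controls around it. The following is an added example, not code from the original article; every host, version, package name and the "vulnerable version" catalog are constructed placeholders, and the weights are an assumed scoring scheme, not a standard. It ranks hosts so that an unpatched, internet-facing system holding PII surfaces first.

```python
"""Asset-inventory triage: rank unpatched, exposed, data-bearing systems.

Added example (not from the original article). All hosts, software
versions and the vulnerable-version catalog below are constructed
placeholders, not real advisories; the scoring weights are assumptions.
"""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class Asset:
    host: str
    exposure: str                 # "internet" or "internal"
    open_ports: list[int]
    software: dict[str, str]      # package -> installed version
    data_sensitivity: str         # "public", "internal", "pii", "regulated"
    controls: list[str] = field(default_factory=list)  # e.g. "waf", "mfa"


# Constructed catalog: package -> versions that still need patching (placeholders).
VULN_CATALOG = {
    "webapp-framework": {"2.3.5", "2.3.6"},
    "db-server": {"9.1"},
}

EXPOSURE_WEIGHT = {"internet": 3, "internal": 1}
SENSITIVITY_WEIGHT = {"public": 1, "internal": 2, "pii": 4, "regulated": 5}
COMPENSATING = {"waf", "mfa", "segmented"}   # each present control shaves one point


def unpatched(asset: Asset) -> list[str]:
    """Packages on this asset whose installed version is in the vulnerable set."""
    return sorted(pkg for pkg, ver in asset.software.items()
                  if ver in VULN_CATALOG.get(pkg, set()))


def risk_score(asset: Asset) -> int:
    """0 if fully patched; otherwise exposure * sensitivity, discounted per control."""
    if not unpatched(asset):
        return 0
    base = EXPOSURE_WEIGHT[asset.exposure] * SENSITIVITY_WEIGHT[asset.data_sensitivity]
    discount = len(COMPENSATING & set(asset.controls))
    return max(base - discount, 1)


def triage(inventory: list[Asset]) -> list[tuple[str, int, list[str]]]:
    """(host, score, unpatched packages) for vulnerable hosts, highest risk first."""
    rows = [(a.host, risk_score(a), unpatched(a)) for a in inventory]
    return sorted([r for r in rows if r[1] > 0], key=lambda r: (-r[1], r[0]))


# Constructed sample inventory.
INVENTORY = [
    Asset("web-portal-01", "internet", [443], {"webapp-framework": "2.3.5"}, "pii"),
    Asset("web-portal-02", "internet", [443], {"webapp-framework": "2.3.7"}, "pii", ["waf"]),
    Asset("db-core-01", "internal", [5432], {"db-server": "9.1"}, "regulated", ["segmented"]),
    Asset("intranet-wiki", "internal", [80], {"webapp-framework": "2.3.6"}, "internal", ["mfa"]),
    Asset("kiosk-07", "internet", [80], {"webapp-framework": "2.3.6"}, "public", ["waf"]),
]

if __name__ == "__main__":
    for host, score, pkgs in triage(INVENTORY):
        print(f"{score:2d}  {host:<14} unpatched: {', '.join(pkgs)}")
```

The point of the join is the ordering: a patched internet-facing host (web-portal-02) disappears from the list entirely, while the unpatched PII-bearing portal outranks the regulated-data database only because the database is segmented and internal. Swap in your real CMDB export and vulnerability feed for the constructed data.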
Streamline and harden – Carry out best practice recommendations for identity and access management, network segmentation, firewall and IDS configuration, operating system and application configuration, database access controls, and data encryption and tokenization, while simplifying and cutting the number and complexity of subsystems throughout your business. Anything too complex to manage is too complex to secure. Choose configuration hardening heaven over breach response hell.
Continually monitor and scrutinize – Periodic audits are essential but not enough. Continually monitor, track, and examine all pertinent security events and exposed vulnerabilities – create visibility, event capture, analysis, and archiving of every system and session login, every application launch, every active binary and vulnerability exposure, every script execution, every command issued, every network connection, every database transaction, and every sensitive data access. Any holes in your security event visibility create an attacker free-fire zone. Define key performance metrics, track them ruthlessly, and drive for relentless improvement.
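A concrete way to find the "holes in your security event visibility" the paragraph warns about is to audit telemetry coverage: for every host you expect to see, check which of the required event classes have actually arrived. The following is an added example, not code from the original article. The log lines, host names and key=value line format are constructed, and the event-class taxonomy is an assumed mapping of the categories listed in the text (login, application launch, active binary, script execution, command, network contact, database transaction, sensitive data access). The script reports per-host gaps, flags hosts that are entirely dark, and computes a single coverage percentage that can serve as one of the metrics to track.

```python
"""Security-event visibility audit: find hosts whose telemetry has holes.

Added example (not from the original article). Log lines, host list and
the key=value line format are constructed; the event-class taxonomy is
an assumed mapping of the categories named in the text.
"""
import re
from collections import defaultdict

# Event classes that must be captured for every host (assumed taxonomy).
REQUIRED_CLASSES = {
    "login", "app_launch", "binary_active", "script_exec",
    "command", "network", "db_txn", "sensitive_access",
}

# Hosts the inventory says exist; a host with no events at all is "dark".
HOSTS = ["web-portal-01", "db-core-01", "batch-03"]

# Constructed telemetry sample, including one unparseable line.
LOG_LINES = """\
2017-07-15T02:11:09Z host=web-portal-01 class=login user=svc_web result=ok
2017-07-15T02:11:10Z host=web-portal-01 class=app_launch exe=/opt/app/bin/server
2017-07-15T02:11:11Z host=web-portal-01 class=binary_active exe=/opt/app/bin/server
2017-07-15T02:11:12Z host=web-portal-01 class=network dst=10.0.2.15:5432
2017-07-15T02:11:12Z host=web-portal-01 class=command cmd="ls /var/www"
2017-07-15T02:11:13Z host=db-core-01 class=login user=dba result=ok
2017-07-15T02:11:14Z host=db-core-01 class=db_txn table=accounts op=select rows=500
2017-07-15T02:11:14Z host=db-core-01 class=sensitive_access table=accounts
2017-07-15T02:11:15Z host=db-core-01 class=network dst=203.0.113.7:443
malformed line with no fields
""".splitlines()

# timestamp host=<name> class=<event class> ...; anything else is skipped.
LINE_RE = re.compile(r"^\S+\s+host=(?P<host>\S+)\s+class=(?P<cls>\S+)")


def parse(lines):
    """Return host -> set of observed event classes; lines that don't parse are dropped."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            seen[m["host"]].add(m["cls"])
    return seen


def visibility_gaps(lines, hosts):
    """host -> sorted required classes never observed (every class for a dark host)."""
    seen = parse(lines)
    return {h: sorted(REQUIRED_CLASSES - seen.get(h, set())) for h in hosts}


def coverage_pct(lines, hosts):
    """Key metric: share of (host, class) pairs actually observed, as a percentage."""
    seen = parse(lines)
    observed = sum(len(REQUIRED_CLASSES & seen.get(h, set())) for h in hosts)
    return round(100 * observed / (len(REQUIRED_CLASSES) * len(hosts)), 1)


if __name__ == "__main__":
    for host, missing in visibility_gaps(LOG_LINES, HOSTS).items():
        status = "DARK" if len(missing) == len(REQUIRED_CLASSES) else f"{len(missing)} gaps"
        print(f"{host:<14} {status}: {', '.join(missing)}")
    print("coverage:", coverage_pct(LOG_LINES, HOSTS), "%")
```

Run against a real SIEM export, the interesting output is not the number itself but the named gaps: a web tier that never reports script executions, a database tier that never reports command lines, and a host that is in the inventory but sends nothing at all. Tracking the coverage percentage over time turns "monitor continually" into a measurable target rather than an aspiration.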
Don’t accept operational excuses for insufficient security – There are always secure and workable operational policies, but they may not be painless. Not suffering a catastrophic data breach is far down the organizational pain scale from the alternative. Operational expedience, legacy systems, or misaligned priorities are not legitimate excuses for poor cyber practices in an escalating risk environment. Make your voice heard.