Written By Josh Applebaum And Presented By Charles Leaver Ziften CEO
Experian Have to Learn from Past Errors And Implement A Constant Monitoring Service
Operating in the security sector, I have actually always felt my job was hard to explain to the average individual. Over the last couple of years, that has changed. Sadly, we are seeing a brand-new data breach revealed every few weeks, with much more that are kept secret. These breaches are getting front page attention, and I can now explain to my friends what I do without losing them after a couple of sentences. Nevertheless, I still question exactly what it is we’re gaining from all of this. As it turns out, lots of companies are not learning from their own errors.
Experian, the international credit reporting company, is a company with a lot to learn. Numerous months ago Experian revealed it had discovered its servers had been breached and that consumer data had actually been stolen. When Experian announced the breach they reassured clients that “our consumer credit database was not accessed in this breach, and no credit card or banking information was acquired.” Although Experian took the time in their statement to assure their consumers that their financial information had actually not been taken, they further elaborated on what data really was taken: customers’ names, addresses, Social Security numbers, date of birth, driving license numbers, military ID numbers, passport numbers, and extra information utilized in T- Mobile’s own credit evaluation. This is scary for two reasons: the first is the type of data that was stolen; the 2nd is the fact that this isn’t the first time this has taken place to Experian.
Although the cyber criminals didn’t leave with “credit card or banking information” they did walk away with individual data that could be exploited to open brand-new credit card, banking, and other monetary accounts. This in itself is a reason the T-Mobile clients involved ought to be concerned. Nevertheless, all Experian customers ought to be a little nervous.
As it ends up, this isn’t the first time the Experian servers have actually been compromised by cyber attackers. In early 2014, T-Mobile had actually announced that a “reasonably small” number of their customers had their personal details stolen when Experian’s servers were breached. Brian Krebs has a really well-written article about how the hackers breached the Experian servers the first time, so we won’t enter into too much information here. In the very first breach of Experian’s servers, hackers had exploited a vulnerability in the company’s support ticket system that was left exposed without first needing a user to confirm before utilizing it. Now to the scary part: although it has become widely understood that the hackers used a vulnerability in the company’s support ticket system to gain access, it wasn’t till soon after the second hack that their support ticket system was shut down.
It would be hard to imagine that it was a coincidence that Experian chose to close down their support ticket system mere weeks after they announced they had been breached. If this wasn’t a coincidence, then let’s ask: what did Experian find out from the first breach where customers got away with sensitive client data? Businesses who save their customers’ sensitive information ought to be held responsible to not only protect their clients’ data, however if also to ensure that if breached they plug up the holes that are discovered while investigating the attack.
When companies are examining a breach (or possible breach) it is necessary that they have access to historical data so those investigating can try to piece back together the puzzle of how the cyber attack unfolded. At Ziften, we provide a system that permits our clients to have a continuous, real-time view of everything that takes place in their environment. In addition to offering real-time visibility for detecting attacks as they take place, our continuous monitoring service records all historic data to enable customers to “rewind the tape” and piece together exactly what had actually taken place in their environment, no matter how far back they have to look. With this new visibility, it is now possible to not only discover that a breach took place, but to also find out why a breach took place, and hopefully learn from previous errors to keep them from happening once again.