Written By Dr Al Hartmann And Presented By Charles Leaver
The following headline hit the news recently, on September 7, 2017:
Equifax Inc. today revealed a cybersecurity event potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. site application vulnerability to access particular files. Based on the business’s investigation, the unauthorized access occurred from mid-May through July 2017.
Lessons from Past Debacles
If you like your job, value your role, and hope to keep it, then don’t leave the door ajar for attackers. A major data breach frequently begins with an unpatched vulnerability that is easily exploitable. Then the inevitable happens: the attackers are inside your defenses, the crown jewels have left the building, the press releases fly, high-priced consultants and outside legal counsel rack up billable hours, regulators descend, lawsuits are flung, and you have “some serious ‘splainin’ to do”!
We have yet to see whether the head ‘splainer in the current Equifax breach will survive, as he is still in ‘splainin’ mode, asserting that the breach began with the exploitation of an application vulnerability.
In such cases the usual rhumba line of resignations runs: CISO first, followed by the CIO, followed by the CEO, followed by a shakeup of the board of directors (specifically the audit and business duty committees). Don’t let this happen to your career!
Actions to Take Immediately
There are some common-sense actions you can take to prevent the otherwise inevitable breach disaster that results from unpatched vulnerabilities:
Take stock – Inventory all data and system assets, and map your network topology, attached devices, and open ports. Know your network: its segmentation, what devices are attached, what those devices are running, what vulnerabilities those systems and applications expose, what data assets they can access, the sensitivity level of those assets, what defenses are layered around those assets, and what controls are in place along all potential access paths.
Improve and harden – Implement best-practice recommendations for identity and access management, network segmentation, firewall and IDS configurations, operating system and application configurations, database access controls, and data file encryption and tokenization, while streamlining and trimming the number and complexity of subsystems across your business. Anything too complex to manage is too complex to protect. Choose configuration-hardening heaven over breach-response hell.
Constantly monitor and scrutinize – Routine audits are necessary but not sufficient. Continually monitor, track, and assess all pertinent security events and exposed vulnerabilities: maintain visibility, event capture, analysis, and archiving of every system and session login, every application launch, every active binary and vulnerability exposure, every script execution, every command issued, every network connection, every database transaction, and every sensitive data access. Any gap in your security event visibility creates an adversary free-fire zone. Establish key performance metrics, monitor them ruthlessly, and drive for relentless improvement.
Don’t accept operational excuses for insufficient security – There are always secure and reliable operational policies, but they may not be pain-free. Not suffering a catastrophic data breach sits far down the organizational pain scale from the alternative. Operational expedience, legacy habits, or misaligned priorities are not valid excuses for tolerating bad cyber practices in an intensifying threat environment. Make your voice heard.