The surge in the application of technology by businesses across the globe is associated with an increase in the dangers of cyber-attacks. At any given time, corporations have to deal with the dangers of a data breach by third parties. One of the US corporations to be affected in recent times is Equifax, one of the key credit bureaus in the United States. The attack took place around July last year. About 145 million people, whose data are stored with the company are said to be affected with the breach that led to questions about the readiness by organizations to secure their systems from attacks propagated over the internet (Larson, 2017).
The propagators of the attack are said to have taken advantages of US website application that is comparatively vulnerable to infiltrate the systems of the company. Experts argue that the web applications utilized by Equifax provided the hackers with broad access to classified information of the clients of the corporation. The breach into the systems of the company is attributed to the failure of the firm to implement adequate security measures considering that it is not the first US Company to be affected by the hacking. The compromise in information security led to the stealing of social security numbers, addresses, and date of births, driver’s license details and credit card (Kennedy, 2017). Such are the details required by identity thieves to open credit accounts in the names of the affected persons. The attackers proceeded to create a fake website, which was unexpectedly tweeted by Equifax, to defraud the customers of Equifax of cash further. The communication by the company complicated the issue throwing the clients into disarray not knowing how to determine the genuine website and safeguard their data against further compromise.
Preventive and Future Protective Strategies
Multiple steps should have been taken by Equifax to prevent and ensure the integrity and security of the data in the future. The attack on the company systems affirms the lack of effective monitoring measures to ensure the data on the company’s website is secure. One such strategy is automation of the monitoring of the web applications to detect any attempt by unauthorized persons to access the data within its systems. Apparently, the breach was not undertaken in a single instance but occurred over a period before detection by the corporation. Through the automation of a detection of the process, the company would have prevented the extensive infiltration through taking adequate measures.
Another practice that would have saved the company of the breach is to test its web application before full implementation. A practice termed SecDevOps helps organizations test the vulnerabilities of its systems and take the necessary measure to seal the loopholes that may predispose it to data leaks (Kontzer, 2017). SecDevOps guarantees secure testing of penetration, as well as a review of the application codes, would have been helpful in the identification of the Apache vulnerability and protected itself from the hack.
Conclusion
The Equifax data breach adversely affected the clients of the credit bureau and predisposed them identity thefts. The attack lead to the access of sensitive data of up to 145 million making it one of the most severe attacks of 2017. Going forward, Equifax and other US corporations should invest in effective system monitoring tools to assist in the timely detection and reduce the severity of the attacks. Further, systems should be tested before being implemented to detect and improve security.
References
Kennedy, M. (2017). After Massive Data Breach, Equifax Directed Customers To Fake Site. NPR. Retrieved 23 January 2018 from https://www.npr.org/sections/thetwo-way/2017/09/21/552681357/after-massive-data-breach-equifax-directed-customers-to-fake-site
Kontzer, T. (2017). Could the Equifax Breach Have Been Avoided? RSA Conference. Retrieved 23 January 2018 from https://www.rsaconference.com/blogs/could-the-equifax-breach-have-been-avoided
Larson, S. (2017). The hacks that left us exposed in 2017. CNN Tech. Retrieved 23 January 2018 from http://money.cnn.com/2017/12/18/technology/biggest-cyberattacks-of-the-year/index.html
