Written by Dr Al Hartmann and presented by Chuck Leaver
The following announcement hit the news on September 7, 2017:
Equifax Inc. today announced a cyber security incident possibly affecting approximately 143 million U.S. consumers. Bad guys exploited a U.S. website application vulnerability to access particular files. Based upon the company’s investigation, the unauthorized access happened from the middle of May through July 2017.
Lessons from Past Data Breaches
If you like your career, value your role, and hope to keep it, then do not leave the door open to attackers. A major data breach often begins with an unpatched vulnerability that is easily exploitable. Then the inevitable occurs: the cyber criminals are inside your defenses, the crown jewels have left the building, the press releases fly, expensive consultants and outside legal counsel rack up billable hours, regulators come down, lawsuits are flung, and you have “some severe ‘splainin’ to do”!
We don’t know yet whether the head ‘splainer in the current Equifax breach will survive, as he is still in ‘splainin’ mode, asserting that the intrusion began with the exploitation of an application vulnerability.
In such cases the usual rhumba line of resignations runs CISO first, followed by CIO, followed by CEO, followed by a board of directors shakeup (specifically the audit and corporate responsibility committees). Don’t let this happen to your career!
Steps to Take Immediately
There are some commonsense steps to take to avert the breach disaster that otherwise follows from unpatched vulnerabilities:
Take stock – Inventory all data and system assets, and map your network topology, connected devices and open ports. Know your network, its segmentation, what devices are attached, what those devices are running, what vulnerabilities those systems and applications expose, what data assets they access, the sensitivity level of those assets, what defenses are layered around those assets, and exactly what checks are in place along all possible access paths.
Simplify and harden – Implement best-practice recommendations for identity and access management, network segmentation, firewall and IDS configuration, OS and application configuration, database access controls, and data file encryption and tokenization, while simplifying and cutting the number and complexity of subsystems across your business. Anything too complicated to manage is too complicated to secure. Choose configuration hardening heaven over breach response hell.
Constantly monitor and inspect – Periodic audits are necessary but insufficient. Continuously monitor, track, and assess all relevant security events and exposed vulnerabilities: have visibility, event capture, analysis, and archiving of every system and session login, every application launch, every active binary and vulnerability exposure, every script execution, every command issued, every network connection, every database transaction, and every sensitive data access. Any gap in your security event visibility creates an enemy free-fire zone. Define key performance metrics, track them ruthlessly, and drive for relentless improvement.
Don’t accept operational excuses for insufficient security – There are always secure and efficient operational policies, though they may not be painless. Not suffering a devastating data breach is far down the organizational pain scale from the alternative. Operational expedience, legacy operations, or misaligned priorities are not valid excuses for poor cyber practices in an escalating threat environment. Make your voice heard.
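To make the “take stock” and “constantly monitor” steps concrete, here is an added Python example (not code from the original post or its authors) that cross-references a host inventory against vendor advisories to find unpatched software, lists hosts whose forwarded event types fall short of the monitoring policy (the visibility gaps the text calls free-fire zones), ranks exposed hosts by data sensitivity and internet exposure, and produces the coverage metrics to track over time. Every host name, software version and ADV-* advisory id below is a constructed placeholder, not a real system or a real vulnerability; the event-type list is taken from the monitoring step above.

```python
"""Inventory-versus-advisory exposure check (added example, constructed data)."""
from dataclasses import dataclass, field


@dataclass
class Asset:
    host: str
    segment: str                    # network segment the host lives in
    sensitivity: str                # "low", "medium" or "high" data sensitivity
    internet_facing: bool
    software: dict = field(default_factory=dict)   # name -> installed version
    open_ports: list = field(default_factory=list)
    log_sources: set = field(default_factory=set)  # event types forwarded to the SIEM


@dataclass
class Advisory:
    advisory_id: str    # placeholder id, not a real CVE
    software: str
    fixed_in: str       # first version that contains the fix


# Event types the monitoring policy requires from every host (from the text).
REQUIRED_EVENTS = {"login", "process_start", "script_exec", "command",
                   "net_conn", "db_txn", "data_access"}

# Constructed sample inventory (hypothetical hosts and versions).
ASSETS = [
    Asset("web-01", "dmz", "medium", True, {"appserver": "2.3.1", "openssh": "7.4"},
          [443, 22], {"login", "process_start", "net_conn"}),
    Asset("db-01", "data", "high", False, {"dbengine": "11.2", "openssh": "7.9"},
          [5432, 22], set(REQUIRED_EVENTS)),
    Asset("batch-02", "internal", "high", False, {"appserver": "2.3.7", "scripting": "3.6"},
          [22], {"login"}),
]

# Constructed advisories: ADV-* ids are placeholders, not real identifiers.
ADVISORIES = [
    Advisory("ADV-0001", "appserver", "2.3.5"),
    Advisory("ADV-0002", "openssh", "7.5"),
]

SENSITIVITY_WEIGHT = {"low": 1, "medium": 2, "high": 3}


def version_key(version):
    """Turn '2.3.10' into (2, 3, 10) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def find_unpatched(assets, advisories):
    """Return (host, software, installed, advisory_id) for every install below the fixed version."""
    hits = []
    for asset in assets:
        for adv in advisories:
            installed = asset.software.get(adv.software)
            if installed is not None and version_key(installed) < version_key(adv.fixed_in):
                hits.append((asset.host, adv.software, installed, adv.advisory_id))
    return hits


def visibility_gaps(assets, required=REQUIRED_EVENTS):
    """Map host -> event types it does not forward; only hosts with a gap appear."""
    return {a.host: sorted(required - a.log_sources)
            for a in assets if required - a.log_sources}


def prioritize(assets, advisories):
    """Rank hosts with unpatched software: findings x sensitivity x 2 if internet-facing."""
    findings_per_host = {}
    for host, *_ in find_unpatched(assets, advisories):
        findings_per_host[host] = findings_per_host.get(host, 0) + 1
    scored = []
    for asset in assets:
        count = findings_per_host.get(asset.host, 0)
        if count:
            score = count * SENSITIVITY_WEIGHT[asset.sensitivity] * (2 if asset.internet_facing else 1)
            scored.append((score, asset.host))
    return [host for _, host in sorted(scored, reverse=True)]


def metrics(assets, advisories):
    """Coverage metrics worth tracking over time: patch state and event visibility."""
    exposed = {host for host, *_ in find_unpatched(assets, advisories)}
    gaps = visibility_gaps(assets)
    return {
        "assets": len(assets),
        "assets_with_unpatched": len(exposed),
        "assets_with_visibility_gaps": len(gaps),
        "fully_covered": len([a for a in assets if a.host not in exposed and a.host not in gaps]),
    }


if __name__ == "__main__":
    for hit in find_unpatched(ASSETS, ADVISORIES):
        print("UNPATCHED", hit)
    for host, missing in visibility_gaps(ASSETS).items():
        print("BLIND SPOT", host, missing)
    print("PRIORITY", prioritize(ASSETS, ADVISORIES))
    print("METRICS", metrics(ASSETS, ADVISORIES))
```

In a real environment the inventory would be fed from discovery and configuration management data rather than hand-written literals, and the advisory list from a vulnerability feed; the point of the example is that version comparison must be numeric (string comparison would rank "7.10" below "7.9"), and that a host with no findings can still be a blind spot if it forwards too few event types.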