The Equifax Data Breach: Lessons to Learn

The massive exfiltration of data from Equifax, Social Security numbers and other sensitive personal information on some 143 million people, serves chilling notice.

If one of the three big U.S. credit reporting agencies can be successfully hacked, then any company storing personally identifiable information can pretty much assume the worst about its own vulnerability.

But as always in cyber defense, resources are limited and information security officers need to prioritize. The only clue Equifax offered about the nature of the attack was that it “exploited a U.S. website application vulnerability to gain access to certain files.” Not much help.

So we’re offering five articles that should help you think through your own cybersecurity review, balancing effort against benefit.

5 Questions Boards Should Ask about Cybersecurity

“How Good Is Our Cyber Risk Visibility?”

“How Well Do Personnel Understand What’s Expected of Them?”

In this post, RiskLens founder Jack Jones suggests the simple but penetrating questions organizations need to face well before a data breach crisis. “Executive management can learn to identify and focus on the strategic and systemic sources of cyber risk, without becoming distracted by complex technology-related symptoms,” Jack writes.

How to Spot Data Breaches in Audit Trails [FAIR Institute Blog]

Equifax said that its system was first penetrated in May 2017, but the breach wasn’t discovered until late July. Jack Jones writes that “typical access logs will rarely be able to definitively tell us that a breach has occurred,” but he has some tips for combing through logs for clues.

Case Study: How to Evaluate Audit Findings

To patch or not to patch…When a manufacturing company fell behind on patching, the audit recommendation was to double down on patching effort. The IT department argued that the return on investment just wasn’t there. The RiskLens application settled the debate with a quantified before-and-after risk analysis.

3 Common Mistakes Analysts Make Calculating Threat Event Frequency for Web Applications

A web application was the weak point in Equifax’s defenses. But how do you prioritize remediation across web applications when the logs for any one of them show a large number of contacts, only some of which are genuine threats? RiskLens CTO Bryan Smith explains the key concept of “threat event frequency” for clarifying application risk.
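As an added illustration of the contact-versus-threat-event distinction (this is example code written for this page, not code from the RiskLens article or the FAIR Institute): in FAIR, threat event frequency (TEF) is derived from contact frequency (how often threat agents touch the asset) and probability of action (how often a contact turns into an actual attempt). The script below parses a handful of constructed combined-format web access log lines, counts every request as a contact, applies a hypothetical set of indicator rules (path traversal, a simple SQL-injection pattern, known scanner user agents) to decide which contacts are threat events, and annualizes both counts over the observed log window. The log lines, IP addresses and the indicator rules are all assumptions made for the example.

```python
import re
from datetime import datetime
from urllib.parse import unquote

# Constructed sample of combined-format access log lines (not real logs from any company).
SAMPLE_LOG = """\
203.0.113.5 - - [10/May/2017:08:01:12 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [10/May/2017:08:01:15 +0000] "GET /about HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [10/May/2017:09:12:01 +0000] "POST /login HTTP/1.1" 401 0 "-" "Mozilla/5.0"
192.0.2.9 - - [10/May/2017:11:03:44 +0000] "GET /../../etc/passwd HTTP/1.1" 404 312 "-" "curl/7.52"
192.0.2.9 - - [10/May/2017:11:03:45 +0000] "GET /search?q=1%27%20OR%201%3D1-- HTTP/1.1" 200 900 "-" "curl/7.52"
203.0.113.77 - - [11/May/2017:02:00:00 +0000] "GET /robots.txt HTTP/1.1" 200 64 "-" "Googlebot/2.1"
198.51.100.200 - - [11/May/2017:14:30:00 +0000] "GET /admin HTTP/1.1" 403 120 "-" "sqlmap/1.1"
203.0.113.5 - - [12/May/2017:08:01:12 +0000] "GET /contact HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

# Apache/Nginx "combined" log format: client, ident, user, [timestamp], "request", status, size, "referer", "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

# Hypothetical indicator rules (an assumption of this example): a contact counts as a
# threat event when the request itself shows hostile action, not merely a connection.
SQLI_RE = re.compile(r"(?i)'\s*(or|and)\s+\d+\s*=\s*\d+|union\s+select")
SCANNER_UA_TOKENS = ("sqlmap", "nikto", "masscan", "nmap")


def parse_line(line):
    """Parse one combined-format log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["ts"] = datetime.strptime(entry["ts"], "%d/%b/%Y:%H:%M:%S %z")
    entry["status"] = int(entry["status"])
    return entry


def is_threat_event(entry):
    """Decide whether a single contact shows hostile action under the example's rules."""
    path = unquote(entry["path"])          # decode %27 etc. before pattern matching
    ua = entry["ua"].lower()
    return (
        "../" in path
        or SQLI_RE.search(path) is not None
        or any(tok in ua for tok in SCANNER_UA_TOKENS)
    )


def estimate_tef(log_text):
    """Count contacts and threat events in the log and annualize them over the log window.

    Returns contact frequency, probability of action (threat events / contacts) and
    threat event frequency, all as per-year point estimates from this one window.
    """
    entries = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    if not entries:
        raise ValueError("no parseable log lines")
    contacts = len(entries)
    threats = [e for e in entries if is_threat_event(e)]
    first = min(e["ts"] for e in entries)
    last = max(e["ts"] for e in entries)
    # A window shorter than a day is treated as one day so short samples do not explode.
    window_days = max((last - first).total_seconds() / 86400, 1.0)
    return {
        "contacts": contacts,
        "threat_events": len(threats),
        "hostile_sources": sorted({e["ip"] for e in threats}),
        "window_days": window_days,
        "contact_frequency_per_year": contacts / window_days * 365,
        "probability_of_action": len(threats) / contacts,
        "tef_per_year": len(threats) / window_days * 365,
    }


if __name__ == "__main__":
    for k, v in estimate_tef(SAMPLE_LOG).items():
        print(f"{k}: {v}")
```

On the constructed sample, eight contacts from five sources over a two-day window yield three threat events from two hostile sources, so roughly 1,460 contacts a year but only about 548 threat events a year. The gap between those two numbers is the point of the article: counting contacts alone overstates the threat to every application equally, while TEF lets you rank them. Two caveats a practitioner would add: which requests count as "action" is analyst judgment that should be written down next to the numbers, and a single window gives a point estimate where a FAIR analysis would normally carry a calibrated range.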

Top 6 Websites for Data Breach News and Other Cybersecurity Updates

From Krebs on Security to the Verizon Data Breach Investigations Report (DBIR), these are the information sources you need to follow the latest news on breach incidents, remediation and recovery.