It should come as no surprise Equifax is a major target for hackers and as it turns out it has suffered two breaches over a short period of time. This latest breach may be the one that does them in. So far it has cost them more than 2.2 billion dollars in lost valuation. Moreover, a class-action suit is brewing.
They recently traded as high as $142.89 and as of this writing they were hovering around $124. The company has 120,370,000 shares meaning a loss of value of around 2.27 billion dollars.
What was the problem? It’s unknown but apparently has to do with a website vulnerability. Some potential culprits are a WordPress vulnerability or one related to a plug-in. Other options include:
- Injection flaw (SQL, etc.)
- Broken authentication and session management
- Underprotected APIs
- Security misconfiguration
- Cross site request forgery
We covered the Equifax breach of 143 million users yesterday and we also wrote another article yesterday about cybersecurity areas business managers and owners need to be aware of. Here is an excerpt:
There is a near infinite knowledge a business owner needs to be aware of to stay safe. For example, there are at least eight areas to focus on for proper email security. There are three other important areas of focus you need to be concerned with to ensure your systems (the actual equipment used by workers) are secure.
More areas to be aware of:
- Cybersecurity training is crucial.
- Auditing and documentation must be performed to ensure systems are secure.
- Anomaly detection should be running constantly to detect threats as they emerge.
- Penetration testing shows if systems can easily be reached from the outside. Here is a case where this test might have saved two company’s’ reputations from being destroyed.
- Finally network forensics for when a breach eventually occurs. The bad guys always seem to get in eventually.
Really, it is possible any of of the above items 1-4 would have either prevented this problem or caught it early. It’s not a guarantee of course without knowing what happened but certainly, if these things had been done properly, the risk of a breach would have been greatly reduced.
We can just add this latest breach to the list of important news in the world of cybersecurity:
- 77% of schools face major cybersecurity risks – based on their own knowledge of their systems and lack of preparedness. Even worse, 79% do not use any software for information security governance or risk management.
- One school was duped into wiring 8 million dollars to hackers at the end of last month in fact.
- IoT devices are proliferating throughout companies – whether business owners are aware or not and often they are unprotected.
- 711 million email addresses were just stolen which equates to more than 10% of active emails. These addresses will be used to target businesses and individuals for many years to come.
All organizations need an expert – an internal one who should be audited by an external organization at least annually or a top MSP or MSSP with enough depth on their team to ensure systems are securely operating.
Make sure you find a firm with solid online reviews and excellent customer references.
Even if your company is worth hundreds of thousands or just a few or tens of millions, you need to take cybersecurity seriously as it is a business, not IT issue these days. Moreover, the relative value of a cyberattack could be fare greater to a small organization. If your business is worth protecting, be sure to have a strong focus on cyber attacks, including training and the tech solutions your company needs to stay protected.