Why Updates are critical to an organization’s security.

Why Updates are critical to an organization’s security.

1 comment

September 14, 2017

Almost half of the US population is at risk of identity theft. In fact their identities have already been stolen. In 2014 Yahoo accounts hacking was considered huge, but they were just the email ids. One more example is the famous eBay hack in the same year where 145 million users data was breached. A few days back Equifax was breached. This breach is a notch higher. 143 million records have been compromised. Important personal information like Name, Date of birth, Social security number, Driving license number, etc have most probably been stolen. The Equifax data breach is unnerving thanks to the sheer scale of sensitive data involved.

Many people are questioning how, despite thousands of brilliant people developing cyber security capabilities, we still have so many data breaches.

According to an unsubstantiated report from one source, Equifax puts the blame on Apache Struts. A new struts security problem was uncovered on September 5. But Equifax admitted hackers haThere are major ramifications for both the people whose identities have been stolen and Equifax.d broken in between mid-May through July, long before the most recent Struts flaw was revealed.

There was one more serious security flaw with struts in March. If struts is responsible for the breach it must be the March security flaw, that was patched in March itself. Hence if it is that flaw that was exploited, the responsibility lies with Equifax IT team. The least they could have done is update struts with the security patch made available.

There are major ramifications for both the people whose identities have been stolen and Equifax.

For the people whose records have been compromised, once someone else gets hold of your personal information, they are able to do a variety of malicious acts with the information. The most common types of crime are ones which are considered to be financial fraud, such as credit card fraud, bank fraud, tax rebate fraud, benefit fraud ( a person knowingly obtains public funds to which they have no entitlement to ) and telecommunications fraud. Identity thieves can also use your identity when they commit other crimes, such as entering (or exiting) a country illegally, trafficking drugs, smuggling other substances, committing cyber crimes, laundering money and much more. In fact, they can use your identity to commit almost any crime imaginable in your name.

As for Equifax, with this compromise they have lost the trust of the masses. Then there are law suits being filed. At least 25 lawsuits had been filed in federal courts by Sunday, including at least one accusing the company of securities fraud, court records show.

What is the simple lesson this eventuality teaches us.

Updates, the simplest of technical activities, at the right time could have kept Equifax safe from this catastrophe!

Note: We at Agni have a hybrid solution

© Copyright 2024 Agni Information Systems (P) Ltd.

Top