Tell us about your infrastructure requirements and how to reach you, and one of team members will be in touch shortly.
Let us know which data center you'd like to visit and how to reach you, and one of team members will be in touch shortly.
Tell us about your infrastructure requirements and how to reach you, and one of team members will be in touch shortly.
Let us know which data center you'd like to visit and how to reach you, and one of team members will be in touch shortly.
In 2017, one of the most significant data breaches in history struck Equifax, one of the largest credit reporting agencies in the U.S. The breach exposed the personal information of 147 million individuals, including Social Security numbers, birth dates, and driver’s license numbers. The story of Equifax’s breach serves as a cautionary tale for businesses on the critical importance of securing sensitive data.
The breach occurred due to a known vulnerability in Apache Struts, a widely used web application framework. Despite the patch being available for months, Equifax failed to apply it for various reasons. Attackers exploited this vulnerability, gaining access to sensitive customer data for weeks before the breach was detected.
Equifax’s handling of the breach compounded the problem. After the attack was discovered in July 2017, the company delayed public disclosure until September, drawing sharp criticism. The breach not only shook consumer trust but also led to a $700 million settlement to compensate affected individuals (Fung, 2019).
Richard Smith, former CEO of Equifax, admitted in testimony before Congress that the breach was “entirely preventable” had the company followed standard cybersecurity practices (Smith, 2017). This breach highlights the dire consequences of delayed patch management and inadequate incident response. Equifax’s story illustrates how even a well-established company can suffer immense damage from a data breach, impacting its reputation, finances, and customer trust.
The National Institute of Standards and Technology (NIST) has developed a comprehensive incident response framework (outlined in NIST SP 800-61) that can help organizations effectively handle data breaches like the one Equifax faced. This blog will walk you through the steps outlined in the NIST framework, using lessons from Equifax’s experience to underscore the importance of each phase.
Before any breach occurs, a company must have an established incident response policy. This policy should define the company’s strategy for identifying, responding to, and recovering from a data breach. It must also clearly delineate the roles and responsibilities of the Incident Response Team (IRT). The IRT includes cybersecurity professionals, legal advisors, communication officers, and other critical stakeholders who are tasked with responding to security incidents.
In the Equifax case, the lack of a well-defined response protocol exacerbated the damage. Not only did they fail to patch a known vulnerability in their system, but once the breach was discovered, their delayed public disclosure caused further reputational damage. Companies should ensure they have a protocol in place for quick and transparent communication with the public if a breach occurs.
Preparation is the most critical phase of any incident response plan, and this is where Equifax fell short. By failing to update their systems with a known security patch, Equifax left itself vulnerable to exploitation. To avoid such costly mistakes, businesses must take a proactive approach to data security. This includes conducting regular security audits, applying patches promptly, and training employees to recognize potential security threats.
By prioritizing preparation, companies can significantly reduce their risk of a data breach or at least minimize the damage if one occurs.
Detection is the first step in responding to an actual data breach. Unfortunately, Equifax did not detect the intrusion until months after hackers had gained access to their systems. Early detection is crucial in minimizing the impact of a breach. Organizations should have monitoring tools and systems in place to alert them to suspicious activity.
In Equifax’s case, their failure to detect and respond promptly allowed the attackers to stay within the system for an extended period, exacerbating the damage.
Once a breach is detected, the next step is containment. Containment involves isolating the affected systems and preventing the breach from spreading further. This step is vital in preventing additional damage and ensuring that attackers cannot continue to access or exfiltrate data.
Equifax failed to effectively contain the breach after its detection, allowing attackers to access sensitive data over an extended period. Swift and decisive containment is essential to limit the damage in any breach.
Once the breach has been contained, the next phase is eradication—removing the threat actor and their artifacts (e.g., malware, backdoors) from the system. Recovery involves restoring systems to normal operations, ensuring that security gaps have been addressed, and continuously monitoring for any signs of residual threats.
In the aftermath of their breach, Equifax had to undertake extensive recovery measures, including reconfiguring their security infrastructure and compensating customers affected by the breach.
Once recovery is complete, organizations should conduct a post-incident review to identify lessons learned and improve future responses. This phase involves documenting the breach, analyzing what went wrong, and refining the incident response plan accordingly.
Incident Report: Document the breach’s timeline, impact, and the effectiveness of the response efforts.
Equifax’s post-breach recovery involved costly settlements and a commitment to improving their cybersecurity practices. Businesses can avoid this level of damage by ensuring they learn from each incident and continuously improve their response mechanisms.
The Equifax breach is a stark reminder that no organization is immune to data breaches. By following the NIST framework—preparing, detecting, containing, eradicating, and recovering—companies can minimize the damage caused by a data breach and maintain trust with their customers. While Equifax’s delayed response and lack of preparation allowed their breach to spiral out of control, businesses that adopt a proactive approach to data security will be much better equipped to survive the storm.
Bibliography
Fung, B. (2019, July 22). Equifax’s $700 million data breach settlement is the largest ever. CNN Business. https://www.cnn.com/2019/07/22/tech/equifax-data-breach-settlement/index.html
Smith, R. (2017, October 3). Testimony Before the U.S. House Committee on Energy and Commerce. Equifax.
Discover the DataBank Difference today:
Hybrid infrastructure solutions with boundless edge reach and a human touch.