In today’s world, technology has improved a great deal. It has created more sufficiency in many of the fields right from medicine and too many of the areas in the economy. Many developers of technology are also continuing to make improvements to each new day. This has helped to improve the economy of the world. Although this has added a lot of advantages to today’s world, there have been disadvantages that come along with the same issue. Cybersecurity breaching has been one of the most significant problems that are taking place the day after the other. Many people have vast knowledge in IT, and hence some misuse it causing a lot of questions.
One of the companies that have been affected by data breaching is the Equifax company. Equifax is an American multinational consumer credit reporting agency, and it is one of the largest companies in the united states of America. Equifax collects and aggregates information on more than 800 million individual customers and more than 88 million businesses worldwide. Equifax also sells credit monitoring and fraud prevention services, and it sells this directly to its customers. It has headquarters in Atlanta, Georgia, Equifax operates in an investment that it has made in many of the countries in America, Europe and Asia pacific. It has more than 10,000 employees around the world.
Like many of the other companies in the united states, the company is required by the law to provide one free credit report every year. This is used to show the customers the improvements that are being made or what the company is doing for continuity. Having a lot of customers that are all over the world, the company produces around 3.1 US dollars every year. The company has been able to safeguard all its materials not until September 17 when they started to hear complaints from its customers.
Equifax breaching
The CEO of the company, who was Richard Smith, quickly embarked; on an ambitious growth when he was hired to the CEO of the company in 2005. He mainly looked at other factors of making the organization grow more prominent, but he did not look at other important factors like the security of the company. Being a large organisation and having a lot of customers it was a target for many cybercriminals. For this reason, a cyber breach occurred in 2017, where the company had credit information on 820 million customers as well as 91 million businesses.
For its vast nature, a lot of cybercriminals tried much to make sue that they had such an organization on hold. The company had a lot of massive and sensitive information, although it was unprepared for these attacks that befell on them. The company was hacked through a consumer complant web portal. The hackers used a widely known vulnerability that was supposed to be patched out since there were a lot of failures in the Equifax internal processes. The attackers were able to move from web portals to other ares since the systems were not adequately segmented from one another.
The attackers therefore were able to find usernames as well as passwords that were had been stored in a plain text. The company also allowed the attackers to access further system of the organisation. The attackers pulled the data out of the network that was in an encrypted form. It was undetected for months since the company had not updated and had not renewed their encryption certificates on one of their internal security tools and this is what possed much danger to the ourganisation. Having not rrenewed or updated their security program it brought in more problems since one could detect nothing.
The company since it did not know what was happening to it therefore in more than a month it did not go to the customers in public. They did not talk about the breach in a period of one month since they did not know what was happening to them. When they were about to discover of what had happened stock sales by the top executives around this time they gave rise to accusations of an insider trading. On May 13 2017, Equifax referred to in the GAO report as a separate incident and said that the attackers had begun to moving from the compromised server into the other parts of the network and exfiltrating data in earnest. /
From may in the same year the attackers were able to access to more of the Equifax databases that contained information on hundreds of millions of people. As seen the company had a poor data governance. For these reason the attacker were able to access much information about the company. The attackers removed all the data and they were not noticed since the company security systems had all gone down.
The number of people affected in the breach.
The company had a lot of customers around the world and hence when the breach happened a lot of people were affected. The data that was affected was of about 143 million people. Around 40% of these were Americans. Their names addresses, dates of birth, social security numbers and driver licence numbers were exposed. Another number included people whose credit card numbers ha also been stolen. A lot of people gave complains about the differences that they were receiving and for these reason the company noted that there was a problem. Tose whose credit card numbers had been stolen consisted of the people who had paid Equifax directly so as to see their own credit report.
The attackers seemed to have a lot of understanding since the hacking happened and it did not seem like it did. Since the people were so much concerned with their credit score many paid Equinox to look at it also had the most personal data stolen. This could have led to fraud that later would damage their credit score. The funniy thing here was that ther nation braced itself for the wave of identity theft aand fraud since it seemed inevitable after this breach. It seemed like it never happened and this had everything to do with the identity of the hackers.
Equifax could have responded to the data loss only if they were keen on making sure that they look well in their systems. To make sure that they were protected the CEO could have ensured that the more the organisation is growing bigger the more he is adding on the security programmes of his organisation. This could have helped the organisation in ensuring that they do not receive attacks like what they got. A large organisation like the Equifax will always be in danger since many attackers know that such an organisation has a lot of resources.
Changes in the security controls.
Since there have been a lot of changes in the way people are working most especially in the internet it is important to make sure that the organisation works hard in order to maintain its security. Mainly for the large organisation like Equifax should make sure that they have extensive security system so as to protect their resources. One of the ways that can be used to ensure that Equifax do not receive cybersecurity threats is through identifying what type of data is at risk. The organisation should ensure that it has created an inventory checklist and it should ensure that they understand what people as well as apps and the kind of devices have access to what data. It is possible that some people who are in the organisation might collaborate with the cyber criminals.
If the company has no restriction to people who should have an access to information, then such people might get an access to an important information. Equifax company should regulate and monitor the people who are accessing their information. The company should consider customer data, employee data, financial data as well as other data which could include trade secrets or the marketing pplans.
The company should ensure that their systems are backing up automatically. There should bea regularly back up of critical email as well as the shared data on all computers and ensure that it is stored in a secure cloud solution. The other important thing that the company can do to ensure that its systems are secure is making sure that they keep their machines clean. The company should ensure that the technology that is used in the company has the latest versions of browsers, operating systems. This will help the organisation to make sure that the organisation programs can run easily and at a faster rate. Having modern hardware will ensure that Equifax has the best defence against viruses as well as malware and other types of online threats.
The other important thing that Equifax can do to ensure that the security of their organisation is well built is by making sure that they have secured their networks. It is important to make sure that the operating systems firewall is enabled. If there are employees who are working from it is important to make sure that their firewall is also well protected. Equifax should also come up with a mobile device management plan. The top managers can use such a program to monitor the programs. By doing this they can the devices can create a significant security challenges. It will be required that users will password their devices in order to protect them. Policies will as well be set in order to use the personal technology.
Equifax should make sure that it has restricted user access. This will ensure that either a worker a customer or a vendor will only access the data that they need. This will help the organisation since not many people will have an access to the company information. For the workers in the organisation it will be important to make sure that separate user account is created for each employee and they should create strong passwords. All the paswords should be unique for all the workers. All the workers should have different paswords and hence this will not be easy to crack all of them.
Equifax can educate its employees on cyber security. If all the workers are taught about cyber security is very essential to the organisation. All the workers will be aware of such attacks and they will be more careful when handling the organisation materials. Another important measure that Equinox can employ is enlist the help of a partner. The company should look for a well knowledgable and competent computer professional who can help the organisation overcome the cases of cybersecurity. Such a professional shpold be the only to look at the issues abiout threats likely to befall the organisation. The company since it provides xcredit cards to the customers it should ensure that they are using readers that are using modern EMV chip technology that make transactions in a more safer way. The modern EMV create unique transaction codes that are not re-usable.