What Equifax, Sony, and Target Could Have Done to Prevent Data Breaches
Typically, the content I write is technical. However, this week I was approached by a peer at a medium-sized company for the answer to the question, “What can we do to be more secure?” In my opinion, there are three things businesses can easily implement to avoid a breach. Unfortunately, three enterprise-level companies failed to implement at least one of these things, and they serve as excellent examples of what can happen when these measures are not put into effect.
You would think that in 2018, “What can we do to be more secure?” would not still be a question that is asked. But with high-profile hacks and people making the same mistakes over and over again, I wanted to share my opinion on this. The biggest impact for the least amount of work comes from three things: patching, changing passwords, and segmenting your network.
Let’s dive into these three things through examples of some of the biggest hacks in history.
Clearly, I am a believer in patching your machines. I mean, Automox exists to make patching easier. Equifax was hacked through a vulnerability in Apache Struts. This vulnerability was discovered, and although the staff knew about the vulnerability, it remained unpatched. Think about that: 143 million social security numbers exposed because of a missing patch. At a cost of around $439 million to Equifax, it could have been prevented with some simple patching.
Now, to be honest, most operating systems do not include a package for Struts. However, if you are running a web application in production, it is very easy to make a custom .rpm or .deb file. Heck, all you need is rpmbuild and a spec file and you are done.
Check out our cloud management platform for patching for free at https://console.automox.com.
In 2017, Verizon reported that 81% of hacks used stolen, default, or weak passwords. One of the most memorable attacks of this kind is the Sony Pictures hack in 2014. Hackers used stolen credentials to push out a GPO to wipe all machines and exfiltrate an incredibly large amount of data.
Before you tell me that passwords are outdated and send me the amazing XKCD “correct horse battery staple” example, I know that passwords are not perfect. But if your “correct horse battery staple” passphrase is used on every one of your sites and you get phished, enter it on a compromised site, or a site stores it in plaintext and the database gets dumped, it is lost.
Set up a password stash tool like KeePass or LastPass to help you store your hundreds of passphrases that you need for all of your sites. Having a password stash makes it easier to change your passwords because you only need to remember the password to your stash.
P.S. No matter what you do, use two-factor authentication in all of your apps.
Networks confuse people more than any other part of security. I think this is because, to most users, networks ‘just work’ or act as an excuse to blame all problems on “the firewall blocking it” (hint: it probably isn’t).
When Target got hacked and lost 45 million credit card numbers, it was because they had poor network segmentation. A third party that controlled their HVAC was hacked, and it was on the same network as the point of sale machines. The hackers then installed a backdoor on the POS machines via a VPN connection from a third-party vendor to the Target network. This meant there were not any ‘real’ obstructions for an attacker.
VLANs are free. A combination of VLANs and ACLs can prevent a malicious actor from traversing from one area to another, especially if that area touches PCI data.
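One way to check a segmentation design like the one described above, as an added example (not from the original post or from Automox): the Python below models VLANs as zones and ACLs as ordered first-match rules, then searches for any chain of permitted flows from a vendor zone to the POS zone. The zone names and all three policies are constructed for illustration and do not describe Target's real network.

```python
from collections import deque

# Constructed zones (stand-ins for VLANs); not any real company's network.
ZONES = ["vendor_vpn", "hvac", "corp", "pci_mgmt", "pos"]

# Ordered, first-match ACL rules: (source zone, destination zone, action).
FLAT = [("*", "*", "permit")]  # one flat network, no segmentation
PIVOT = [  # direct vendor->pos is denied, but each hop is permitted
    ("vendor_vpn", "hvac", "permit"),
    ("hvac", "corp", "permit"),   # HVAC reports to a corp monitoring host
    ("corp", "pos", "permit"),    # corp admins manage POS directly
    ("*", "*", "deny"),
]
SEGMENTED = [  # only a dedicated management zone may reach POS
    ("vendor_vpn", "hvac", "permit"),
    ("corp", "hvac", "permit"),   # corp polls HVAC, never the reverse
    ("pci_mgmt", "pos", "permit"),
    ("*", "*", "deny"),
]

def allowed(policy, src, dst):
    """First-match evaluation; implicit deny when no rule matches."""
    for rule_src, rule_dst, action in policy:
        if rule_src in (src, "*") and rule_dst in (dst, "*"):
            return action == "permit"
    return False

def path_to(policy, start, target, zones=ZONES):
    """Breadth-first search over permitted zone-to-zone flows.
    Returns the shortest chain of zones from start to target, or None.
    Assumes a compromised host can use every flow its zone is permitted."""
    queue, seen = deque([[start]]), {start}
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        for nxt in zones:
            if nxt not in seen and allowed(policy, path[-1], nxt):
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

if __name__ == "__main__":
    for name, policy in [("FLAT", FLAT), ("PIVOT", PIVOT), ("SEGMENTED", SEGMENTED)]:
        path = path_to(policy, "vendor_vpn", "pos")
        print(f"{name:10} vendor_vpn -> pos:", " -> ".join(path) if path else "no path")
```

The PIVOT policy is the case worth noticing: a rule-by-rule review shows no vendor-to-POS permit, yet the chained search still finds a route through intermediate zones.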
These are my top three things to do to improve your business’s security posture today. By patching, securing your passwords, and implementing network segmentation, you will significantly improve the security of your business.