
LESSONS GLEANED FROM EQUIFAX HACK


Recently, we heard how Equifax servers were hacked by black hats. According to sources close to the credit reporting agency responsible for monitoring credit breaches, Equifax servers were hacked in mid-May and the intrusion went undetected until July.

Equifax Inc. is a consumer credit reporting agency in the United States, considered one of the three largest American credit agencies along with Experian and TransUnion.

The hackers who broke into the servers stole driver’s license numbers and about 209,000 credit cards. This breach has affected almost half of Americans, and it is especially devastating because, until May, Equifax was deemed the most secure and trusted credit reporting agency, holding the data of half of the US population.

Our security engineers sat down to discuss and analyze the breach, and came up with lessons everyone can learn from the Equifax breach.

1. Don’t trust security. It’s a myth:

“Our servers are secured from hackers”. “Our servers are behind robust firewalls”. Statements like these are commonly found on the web nowadays. However, we should not trust these words from vendors. Equifax was noted for storing users’ data in a secured place, yet it was hacked. Don’t trust security. It’s a myth.

2. Place emphasis on prevention. Not safety:

One of the best ways to recover from a data breach immediately, without the media even being aware of it, is to put a prevention plan in place. A prevention plan is quite different from safety measures or tips. A prevention plan can’t stop hackers from breaking into servers, but it can prevent them from achieving their main purpose. For instance, storing users’ data on a server behind a firewall can’t stop hackers from breaking into your server, but accessing customers’ raw data may be difficult because of hashing and salting of the data.
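To make the hashing and salting in lesson 2 concrete, here is an added example (not from the original article or from Equifax) showing what a stolen store contains when secrets are kept as salted hashes. The names `protect`, `verify` and `build_store`, the sample customers, the choice of PBKDF2 and the iteration count are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor for this example; tune for your hardware

def _derive(secret: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 makes every guess against a stolen record expensive.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS)

def protect(secret: str) -> dict:
    """Return what gets stored: a random per-record salt and the derived digest."""
    salt = secrets.token_bytes(16)
    return {"salt": salt.hex(), "digest": _derive(secret, salt).hex()}

def verify(candidate: str, record: dict) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    expected = bytes.fromhex(record["digest"])
    actual = _derive(candidate, bytes.fromhex(record["salt"]))
    return hmac.compare_digest(actual, expected)

def build_store(customers: dict) -> dict:
    """Map customer id -> protected record; the raw secret is never stored."""
    return {cid: protect(secret) for cid, secret in customers.items()}

# Constructed sample data: two customers who happen to share the same secret.
SAMPLE_CUSTOMERS = {
    "cust-001": "blue-harbor-42",
    "cust-002": "blue-harbor-42",
    "cust-003": "quiet-meadow-7",
}

if __name__ == "__main__":
    store = build_store(SAMPLE_CUSTOMERS)
    # This is everything someone who copies the store would obtain.
    for cid, rec in store.items():
        print(cid, rec["salt"], rec["digest"][:16] + "...")
    # Same secret, different salts: the digests do not match each other.
    print(store["cust-001"]["digest"] != store["cust-002"]["digest"])
    print(verify("blue-harbor-42", store["cust-001"]))
    print(verify("wrong-guess", store["cust-001"]))
```

Salted hashing fits values that only have to be checked, such as passwords. Data that must be read back later has to be encrypted instead, with the key kept off the server that holds the data.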

3. To be hacked is inevitable:

Despite the numerous safety measures recommended by so-called “cybersecurity experts”, no company under the sun, Equifax included, is invulnerable to hackers. The best option you have now is to keep a low profile by not announcing that your “web portal is secure or your servers are hardened”, or to make things difficult for hackers by putting firm prevention measures in place.

4. Detection tools can’t stop data breaches:

If you started from the very first line of this article, you will recall that sources close to Equifax told the media that Equifax servers were hacked around May and the breach went undetected. A mega company such as Equifax surely has detection tools installed on its servers to detect attacks from hackers. However, it seems the detection tools on its servers failed to detect any unauthorized entry. We advise implementing detection tools, but don’t rely on them fully.

5. Audit your systems regularly:

We advise everyone to take this particular lesson with all seriousness. Auditing your systems regularly is a sure way of ensuring that both obvious and hidden loopholes are detected even before hackers attempt to breach your servers.

We encourage everyone interested in secure storage of data to reflect on these lessons to prevent future server breaches.

#ISA_informs 

#ISA_ltd