Hackers Break the Equifax Bank
All companies have confidential information, but certain businesses hold more sensitive data on consumers than others. Credit monitoring firm Equifax is one of the best examples of this phenomenon, which makes their data breach all the more outrageous. The organization suffered a data breach potentially affecting 143 million US adults, a significant percentage of the population. Hackers stole personal information including names, birth dates, Social Security numbers, addresses, and some driver’s license numbers.
Equifax only released limited details on how the breach happened, citing a vulnerability in a US website application. Today, it’s common for companies to employ dozens of tools to gather, manage, and store information; the sprawl of applications can quickly outpace the IT security team’s ability to protect data.
Equifax’s stock price plunged more than five percent immediately following the news. As a cruel slap in the face, three Equifax executives sold a total of $1.7 million in stock after the discovery but before public disclosure of the breach. Consumers, investors, and regulators will certainly watch out for more details from the investigation over the coming weeks and months. In many cases, organizations do not feel the full financial impact of a data breach until years after the incident.
Equifax Says Website Vulnerability Exposed 143 Million US Consumers | Steve Ragan, CSO
Three Equifax Managers Sold Stock Before Cyber Hack Revealed | Anders Melin, Bloomberg
Old News: Passwords Are Still Risky
Passwords remain one of the most common targets for hackers. A single stolen password can create a ripple effect that spreads to additional services and users as passwords are reused across accounts and phishing emails are sent to the account’s contacts. In an example of this vicious cycle, researchers discovered a network of 711 million email accounts hackers used to distribute malware. The sophisticated attack included a reconnaissance campaign to gather information for more targeted outreach.
Identity providers like Okta, which recently hosted its annual user conference, give companies a tool to enforce multi-factor authentication for enterprise applications. The challenge is that employees often use services without IT’s knowledge and authenticated users can take risky activities within cloud services. For these reasons, visibility into cloud usage post-authentication is an essential layer of security on top of multi-factor authentication for greater cyber resiliency.
711 MILLION Email Accounts Weaponized by Onliner for Spam Campaigns | David Bisson, Graham Cluley Blog
Machine Learning Makes Security a Fair Fight
IT security professionals face an unfair battle. That’s not pessimism – just an observation of the fact that companies need to invest much more money and human resources in keeping data safe than criminals do in breaking in. This is because IT security teams must successfully protect against every attack, while hackers only need to be successful once. In looking to even the playing field, companies have turned to artificial intelligence.
Cybersecurity often comes down to looking for a needle in a haystack, whether for a human error that exposes information or a malicious hacker exploiting a vulnerability. Compounding these challenges is the fact that there is a shortage of skilled professionals with expertise in emerging technologies.
Artificial intelligence and machine learning can help information security teams process the massive amounts of information that every company creates every day and separate the signal from the noise. Today’s security tools don’t just monitor for malware signatures or malicious IP addresses; they monitor for the signs of activity indicative of a malicious presence to detect rogue insiders or attackers disguised behind employee accounts.
Cybersecurity: An Asymmetrical Game of War | Hal Lonas, Darkreading
By the Numbers
The number of Gbps of today’s DDoS attacks, up from 150 requests per second in the ‘90s.
The number of cybersecurity experts interviewed in the latest TAG Cyber Security Annual report.
The percentage of transportation companies who reported experiencing an IoT attack.