Monday, 31 December 2018

Equifax Data Breach Report

This report from the U.S. House of Representatives describes the Equifax data breach in detail. For such a large financial organisation, the shortcomings are breathtaking, but the report makes for a fantastic learning opportunity. It shows how these large organisations don't implement even basic security controls or otherwise take cybersecurity seriously, even when the implications are astronomical.

Some of the high-level findings include:
  • Ineffective IT coordination
  • Siloed IT and Security organisations
  • No accountability
  • No clear owner for business, application and systems
  • Patch management process breathtakingly flawed
  • Vulnerabilities not adequately remediated or tracked
  • Lack of hardening standards
  • Certificate management process completely flawed
  • Insufficient documentation
  • Lack of asset inventories
  • No network segmentation
