Monday, 31 December 2018

Equifax Data Breach Report

This report from the U.S. House of Representatives describes the Equifax data breach in detail. For such a large financial organisation, the shortcomings are breathtaking, but the report makes for a fantastic learning opportunity. It goes to show how these large organisations fail to implement even basic security controls or otherwise take cybersecurity seriously, even when the implications are astronomical.

https://oversight.house.gov/wp-content/uploads/2018/12/Equifax-Report.pdf

Some of the high-level findings include:
  • Ineffective IT coordination
  • Siloed IT and Security organisations
  • No accountability
  • No clear owner for business, application and systems
  • Patch management process breathtakingly flawed
  • Vulnerabilities not adequately remediated or tracked
  • Lack of hardening standards
  • Certificate management process completely flawed
  • Insufficient documentation
  • Lack of asset inventories
  • No network segmentation


