image

Could Equifax’ 2017 Data Breach Be Avoided?

Dec 23, 2019

In 2017, sensitive information of over 140m US consumers was stolen from the major credit bureau -- Equifax. This was due to a known software bug within the Apache Struts framework, a popular application used by web developers to host Java applications, which was in use by the Equifax' IT infrastructure.

A Bug That Wasn't Squashed

Even though a fix was released by the Apache Software Foundation, the IT team did not take action to mitigate the issue, probably due to thousands of other vulnerabilities they had to deal with, and with no way of prioritizing tasks.

Patching the security hole would have been labor-intensive, having to download the updated version of Struts and use it to rebuild ALL apps that used the outdated version. Then, test to ensure they don't break key functions on the site.

The Importance of Prioritization

Vicarius offers a next-generation vulnerability scanner that could have easily mitigated the situation, by finding the problem immediately without waiting for a periodical scan. Then, it would highlight the Apache Tomcat software as highly critical because of its execution environment on the specific web servers.

Vicarius’ Topia would prioritize the most updated security vulnerabilities to the IT security team at the organization, allowing them to take action to what REALLY matters. If these strategies were implemented into Equifax, the massive breach could have been avoided.

image

Written by

Michael Assraf

Recent Posts

  • 1

    Could the Vulnerability Fujiwhara Effect Be the New Normal?

    Kent Weigle January 18, 2021
  • 2

    Six Ways to Improve Your Patch Management Practices

    Kent Weigle January 05, 2021
  • 3

    Top Trending CVEs of January 2021

    Kent Weigle February 01, 2021
  • 4

    So I Really Have to Update Chrome?

    Kent Weigle February 08, 2021
  • 5

    CVSS: The Vulnerability Dartboard

    Kent Weigle December 16, 2020
yossi_default_1.png

Start Closing Security Gaps

  • Risk reduction from Day 1
  • Fast set-up and deployment
  • Unified platform
  • Full-featured 30-day trial