Equifax Breach Costs Still Mounting with Recent $700 Million Settlement

How much could a single missing patch possibly cost? Try $1.4 Billion USD.

That’s the total running cost that Equifax has faced since its 2017 data breach which exposed sensitive personal information of nearly 150 million Americans. But what has made the Equifax breach so compelling to follow isn’t that it was the second largest data breach on record (Yahoo holds the #1 spot), but that it was completely avoidable and is shaping up to be the most expensive in terms of fines, settlement and legal costs.

A House Oversight Committee report found the breach was avoidable and criticized Equifax for not implementing basic cyber hygiene practices. In May 2019, Equifax became the first company to have its outlook downgraded for a cyber attack as the credit ratings agency Moody’s downgraded its outlook for the company from stable to negative. And just this week, an additional $700 Million dollar settlement agreement was reached to directly compensate consumers that were impacted by the breach.

What can we learn from the breach? That there’s no limit to the overall financial impact a breach can have on your organization. And, how you can proactively harden your environment to be secure.

1. Be a smaller target.

Being secure starts by proactively patching and updating systems based on known vulnerabilities and best practices. In fact, 80% of threats can be avoided in the first place simply by presenting a smaller, more difficult target for attackers to exploit.

The Equifax data breach happened because they didn't patch their systems — which left their systems vulnerable and a larger, more easily exploitable target to attackers. Equifax used the Apache Struts framework for their web applications and Apache Struts disclosed that there was a vulnerability in their code in March of 2017. They released a patch soon after and advised anyone who used Apache Struts to update their software so that the vulnerability wouldn't be exploited by others. Despite the fact that Equifax had months to update to the latest patch of Apache Struts, they failed to do so and this became the main way that the hackers were able to breach Equifax's data.

2. It’s time to take cyber hygiene seriously.

The corporate attack surface is only getting bigger, all while many organizations struggle to keep up with basic cyber hygiene. Without the operational excellence to continuously minimize exposure, companies are leaning too heavily on detection and response efforts in isolation with predictable results. It’s time to bring cyber hygiene to the front end of the endpoint security stack, and stop treating it as an operational catch up game.

This situation begs the question, “What is a reasonable time frame to patch your system once you’re aware of a known vulnerability?” And, the answer centers on you and your organization’s ability to manage and implement that. We know, “Easier said than done.”

Depending on your current patch management implementation, various factors can play into your organization’s ability to effectively manage and implement patch updates across all corporate endpoints. Factors such as the manual or automated nature of your patching and update process and technology, the size and skillset of your IT operations team, your ability to see and access all corporate devices, the size of your remote workforce, and other pressing IT initiatives your organization is striving to put into place. And, throw on top of all that the ever increasing number of security threats your organization is having to manage. We get it - staying on top of these growing threats can be difficult.

How Automox Can Help

The Automox cloud-based patch management platform was built with your current pain in mind. We understand that automation can be key in helping you manage your updates in a timely and immediate fashion. We built our solution in the cloud to allow you to have easier access to and visibility of all devices just by having them connect to the internet - no matter their location. We’ve designed our solution to be cross platform, so you can update your Windows, Mac and Linux devices from a single tool.

Our philosophy centers on helping your organization become a smaller target by reducing the exploitable attack surface of your corporate properties. Our belief: Patch and configuration management doesn’t need to be hard – particularly when it’s becoming more and more important and potentially expensive.

Learn more about our cloud-native modern approach to patch management at www.automox.com. Or, feel free to connect with an Automox expert directly.

About Automox

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-based and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.

Experience modern, cloud-based patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.