The Equifax Breach, Patch Management, and Your Cybersecurity
How critical is consistent, comprehensive, timely patch management to effective enterprise cybersecurity? Credit reporting giant Equifax suffered a breach that put personally identifiable information (PII) at risk for as many as 143 million people. Days after the breach was first reported publicly on September 7, Equifax stated that it discovered in July that it had been breached in May. That breach succeeded via a vulnerability first identified in March, and for which a patch was issued within a week. Equifax has yet to disclose why that patch had not been applied to the server that served as the gateway for the breach.
Unfortunately, the Equifax breach is only the latest high-profile example of an all-too-common situation. At many if not most enterprises – perhaps including yours – consistent, comprehensive, timely patch management is simply not happening. Verizon’s 2017 Data Breach Investigations Report found that across multiple industries, cybersecurity attacks can compromise networks in seconds to minutes, but discovery and remediation of incidents and threats can take weeks, months, or even years.
In some cases, this is due to complacency. In August, Australian accounting software provider MYOB surveyed 394 of its small and midsized enterprise customers. As ZDNet reported, among those respondents, 87 percent said they believed their businesses were safe from cyber attacks, primarily because they use antivirus software. Another 32 percent said they did not need to improve cybersecurity at their enterprises because they did not have a significant online presence.
Read the entire article here, The Equifax Breach, Patch Management, and Your Cybersecurity
via the fine folks at Ivanti.