The massive 2017 data breach at Equifax showed a growing trend of ignoring critical patching of systems. Two years and a Senate inquiry later, we now see the problem was much worse.
In addition to Apache Struts not being patched, there were thousands of other systems that were not patched. Patches are updates that fix, or ‘patch’, vulnerabilities in program code. Failure to run these updates significantly increases the likelihood that your computer network and data can be attacked.
It seems that those in charge at Equifax didn’t bother to treat patching as a high priority, despite a 2015 audit showing 8,500 vulnerabilities.
While understanding how 160 million identities were compromised is important, those identities are still stolen and likely sold for identity theft. For those affected, a credit freeze with all three credit bureaus is a must, and credit monitoring with all three bureaus is also recommended.
For offices ACS supports, we take patching seriously, and it is one of the cornerstones of our security services. Operating systems and Internet programs are updated shortly after release, and the updates are documented through our ticketing system. Typically, when we do a HIPAA audit on an office that uses another IT provider, we find that Windows updates are being done, usually on an automatic basis. However, the Internet programs (Java, Adobe, Flash, IE, Firefox, Chrome, etc.) are rarely updated, since they either have to be updated manually or are handled by a monitored program that runs updates and patches, which is usually part of a paid service with IT providers. If you are an ACS IT client, this is all done for you. If you aren’t an ACS client, check to see if this critical part of your security posture is in place, and if not, give us a call.