
Equifax Breach – an Example of Good Communications

  • Posted on: September 8, 2017
  • Posted in: Current News, Security
  • Posted by: Mark Nunnikhoven (Vice President, Cloud Research)

UPDATE: Please note we’ve provided a follow-up to this blog post here after more information regarding this breach was released.

Equifax announced a massive breach that could impact at least 143 million US consumers. That’s 44 percent of the US population. This breach will have a significant impact on a lot of people.

Companies in the financial sector take cybersecurity very seriously. Part of that work is accepting the reality of today’s threat landscape.

Security teams work to prevent as many attacks as possible but also practice and plan to recover quickly when a breach does occur.

Cybersecurity incidents are complex in nature. Businesses that operate at the scale of Equifax have a lot of moving parts and many different teams that need to co-ordinate their work.

All of this work has to happen while the day-to-day business of the company continues as undisturbed as possible. It’s a difficult balance to maintain.

Incident Response

Based on their current statement, we know a few of the facts:

  • Attackers had access to the data from mid-May to 29-July-2017
  • Once the company detected the intrusion, they stopped it
  • Once stopped, they called in a reputable outside firm to help with the forensics
  • After assessing the impact to consumers, they’ve taken steps to help protect them from further damage

From the outside, this shows us that Equifax has a strong incident response process in place and that process is working. Some may question calling in an outside firm to help with the forensics but there are a couple of significant advantages to doing so.

The first is to have more hands on deck. A true forensics investigation takes a lot of time and is a huge undertaking. Getting additional trained staff to take on this work allows the core team to continue to defend the network and help restore operations.

The second advantage is that an outside team approaches the problem with fresh eyes and no preconceptions about how various systems are integrated. They ask questions that existing teams may overlook.

Equifax hasn’t released any technical details about the intrusion yet beyond that the attackers used a vulnerability in one of their applications to gain access. That’s ok, that information isn’t valuable to the impacted consumers at this point.

What is important is the communications around the breach and that’s where Equifax stands out as a positive example.

Breach Communications

Most breach notifications follow a very predictable pattern. It’s one we’ve seen used time and time again and it’s long been a sore point for most people in the security community (myself included as I’ve been complaining about it for years now).

The general pattern is this:

  • We’ve had a breach
  • Don’t worry & don’t blame us
  • We’re doing what we can to make this go away
  • Here’s some basic coverage to protect your credit score

Breach communications are often written in legalese or at least in bland corporate speak. Understandably so, as they are designed to minimize liability as well as reduce panic or concern. It’s an unfortunate example of good intentions getting pushed down by process.

Equifax bucks this trend and—while the language could still be less formal—does a fantastic job of clearly explaining the issues at hand.

Clarity

Their statement (which has already been updated to include new information) clearly states the:

  • scope of the breach
    • 143 million US consumer records
    • An unknown number of Canadian and UK consumer records
    • ~209,000 US consumer credit cards
    • Dispute documents relating to ~182,000 US consumers
  • steps they are taking to gather more information
  • how that information is being communicated to affected consumers
  • who they are working with to address the situation
  • what they have already set up to help consumers deal with the situation
  • that they accept ownership of the issue

It’s this last point that really stands out. In the breach notification, they have a quote from their Chairman and CEO, Rick Smith. Having a senior executive quoted in a notification is somewhat common, though it’s rarely the CEO. Equifax takes this a step further and has a video from Mr. Smith explaining the situation.

Equifax is the victim here. But they’ve put that aside and their leader is on camera taking ownership of the issue and doing his best to help affected consumers deal with the situation.

This is exemplary work by their incident response team.

No Winners

Cybercrime is a growth area for criminals. Data is extremely valuable and a dataset of this size could be worth $27 million or more in the digital underground (based on the lowest pricing in our North America Underground paper, page 14: $19 per 100 records).

That’s why we’ll continue to see more and more attacks by criminals moving forward. Despite the defenders’ best efforts, some of these attacks are going to be successful.

Teams that fail to plan for a breach will fail. Incident response plans should clearly lay out responsibilities, how teams communicate (outside of email), and a pre-approved external communications plan that you can work from. This is not a scenario where you want to be shooting from the hip.

Equifax was clearly prepared to handle the fallout from a breach. That’s a sign of a well-trained, well-prepared team. We should all follow their example.

Are you prepared to handle incidents when they occur? How has your organization’s leadership reacted to your external communications plan? Let me know on Twitter where I’m @marknca or connect with me on LinkedIn.
