The Cost of Carelessness
Is it possible to quantify carelessness? Recent news about Equifax has shown the severity of the carelessness seen in the cybersecurity departments of major corporations and countries. This year alone, we have seen many companies that we trust with our personal information fail us. Because of this, the catastrophic failures of cybersecurity in recent years are starting to weigh heavily on the minds of citizens and lawmakers alike. Is 148 million compromised consumers considered careless? How about 500 million?
A Look Into Equifax Breach
Articles have appeared everywhere about the discoveries on Capitol Hill this week regarding the 2017 Equifax breach. The House report states that Homeland Security warned Equifax about the flaws and vulnerabilities in ‘Apache Struts’. ‘Apache Struts’ was an open source web browser that powered Equifax’s web-facing system. In addition to running an unpatched server, Equifax relied on a web-facing system that was five decades old! A company of that magnitude running any type of hardware that old can only be deemed careless. Unfortunately, this is but one of many reckless actions we have come to expect from companies with regard to cybersecurity.
It Gets Worse
The sins of Equifax also include refusing to follow simple monitoring and update procedures. Equifax had a device to monitor the network traffic of its vulnerable server. This device would have been able to detect the mass exfiltration of data. However, the device was inactive at the time of the attack because its security certificate had expired 19 months prior. Equifax stored 1,200 times the amount of data stored at the Library of Congress. But as they say, with great power comes great responsibility.
Passing the Buck
Equifax blamed its carelessness on the actions of a single employee. However, this is now assessed as inaccurate. Actions like this make it harder and harder to trust that companies are able to handle the responsibilities associated with data storage. Yet we still uncritically plug our information into Amazon, use credit cards at Target, and many of us have not deleted our Facebook accounts. Is today’s society so blind to the threat that is lurking in the shadows of the dark web?
The most obvious answer is that there just is not enough emphasis on cybersecurity or the recruitment of qualified personnel. However, when we hear a story like Equifax, it starts to seem that the largest enemy of security is apathy. Companies are apathetic to the cyber threats facing them because until they experience a breach firsthand, the threat is abstract. Additionally, consumers are apathetic to data breaches because they are so common.
So where does this conundrum leave us? We continue to see these events in the news on a daily basis. Equifax is not an isolated incident. The corporations that are marketing their progress in cybersecurity are usually the ones recovering from a breach. When do we take a stand? We must be educated and proactive or we will continue to be defenseless. Carelessness is not an option anymore. We must keep the companies that hold our personal information accountable for their actions. Additionally, we must keep ourselves accountable for practicing good cyber hygiene and staying informed on the latest cybersecurity issues!