Friday, September 8, 2017

Equifax Breach – Early lessons learned and six point action plan

In this post, we’ll discuss a few early lessons learned from the Equifax breach announced yesterday.  We’ll also recommend a six point plan to avoid becoming “the next Equifax” based on what we know today about the breach. Rendition is in no way involved with the breach assessment for Equifax and we have no inside knowledge.  However, we will discuss the publicly available information so organizations can take action to avoid a similar breach.

Note: In the coming days and weeks, you’ll likely be inundated with vendor pitches claiming they can stop you from becoming “the next Equifax.” Be wary, be very wary.  If it sounds too good to be true, it probably is. In information security, there are no silver bullets. But that’s okay – werewolves probably aren’t part of your threat model anyway…

At Rendition Infosec, we endorse the SANS Institute six step Incident Response (IR) process.  For those not familiar with the process, the steps are:

  1. Preparation
  2. Identification
  3. Containment
  4. Eradication
  5. Recovery
  6. Lessons Learned

This conveniently spells PICERL.  A handy mnemonic to remember this is “Patched Infrastructure Could’ve Easily Reduced Losses.”  This is great because it’s simple to remember AND true.

For this post, we’re going to focus on the preparation and identification phases since those are what we know the most about so far.

Read the full article with our six step action plan on the Rendition Infosec corporate blog.