We all heard about the Equifax computer breach, which was entirely preventable.¹
The problem was a little-known piece of software called Apache Struts, which had a vulnerability that, if attacked, would be the entry into the webserver at Equifax.
So a software vulnerability within the web server caused a weakness, and the hackers used this weakness to break in. Once the hackers were on the webserver, they had to get additional access, and they reviewed the server information to find a database that could be useful to them.
So what can a company do to prevent these kinds of breaches?
First one has to know what software one has.
Then keep up with the latest patches and updates for all software.
Seems easy, right? Well, sometimes there are complications. But one has to try to make the updates as quickly as possible. It is tough sometimes on big servers, though, as they may have to reboot after an update and there is always a chance something unknown happens. So the window of opportunity to make updates may be only Saturday at midnight. And then you might have to be ready to restore and recover if more serious problems occur, which means resources must be available to take the server down and recover it on Saturday at midnight until it is brought back up (could be several hours).
So to recap, one needs to update software and make changes to the server, with possibly significant downtime.
Second, one must have anti-virus or anti-malware software that is updated and operational.
Third, educate your employees not to perform risky cybersecurity actions (falling for social engineering tricks and phishing methods).
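For the "know what software one has" step, here is an added example (not code from this post or from Oversitesentry) that inventories Apache Struts 2 core libraries on a web server, including copies packed inside WAR/EAR archives. The minimum version is an assumption you supply from the vendor's security bulletin, and the script only recognises jars named `struts2-core-<numeric version>.jar`.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

# Struts 2 core jar with a purely numeric version, e.g. struts2-core-2.3.31.jar
STRUTS_JAR = re.compile(r"(?:^|/)struts2-core-(\d+(?:\.\d+)*)\.jar$")
ARCHIVES = (".war", ".ear")


def parse_version(text):
    """'2.3.31' -> (2, 3, 31) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def struts_in_archive(data, label):
    """Yield (location, version) for Struts jars in an archive, recursing into nested WAR/EARs."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # corrupt or mislabelled archive: nothing to report
    with zf:
        for name in zf.namelist():
            match = STRUTS_JAR.search(name)
            if match:
                yield f"{label}!{name}", match.group(1)
            elif name.lower().endswith(ARCHIVES):
                yield from struts_in_archive(zf.read(name), f"{label}!{name}")


def inventory(root):
    """Find Struts jars under root, both in exploded webapps and inside archives."""
    found = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        match = STRUTS_JAR.search(path.as_posix())
        if match:
            found.append((str(path), match.group(1)))
        elif path.suffix.lower() in ARCHIVES:
            found.extend(struts_in_archive(path.read_bytes(), str(path)))
    return found


def needs_patch(found, minimum):
    """Entries older than the operator-supplied minimum version."""
    return [(loc, ver) for loc, ver in found if parse_version(ver) < parse_version(minimum)]


if __name__ == "__main__" and len(sys.argv) == 3:
    # usage: python struts_inventory.py <webapps directory> <minimum version>
    for location, version in needs_patch(inventory(sys.argv[1]), sys.argv[2]):
        print(f"UPDATE NEEDED  {version}  {location}")
```

Run it on a schedule and compare the output against the previous run, so that a newly deployed application bundling an old library shows up before the next patch window.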
If it only takes these 3 steps:
- Update and patch your software
- Have updated anti-virus software
- Employee education on social engineering and phishing.
So why doesn’t everyone do this?
Our mission at Oversitesentry (Fixvirus.com) is that everyone _should_ do this.
We propose to small and medium businesses:
Tell your consumers that you have done the minimum cyberdefense (and thus you will be around even after an attack).
We propose to the consumer:
Tell businesses where you spend money: get the shield (Oversitesentry approved) so they can stay in business even after a cyber attack.
Contact Us to discuss.
- (story by Wired) and story by David Krebs