Patching, Managed Services and the Equifax Breach

News reports indicate that the massive Equifax breach was the result of a failure to patch a vulnerability in Apache Struts. The vulnerability was publicly disclosed on March 10 and was exploited at Equifax between May and late July.

During that window, Equifax did not patch this known vulnerability. Software patching is a part of any credible managed services solution. At Magnet Solutions Group, we do software patching for all of our managed services clients.

Software Patching Is a Core Cybersecurity Practice

It’s shocking that this patch wasn’t implemented by Equifax. It should be noted that patching software like Struts can require a lot of additional work, depending on the other software integrated into a system, so it wasn’t necessarily an ‘easy’ fix. But if Equifax had its network set up in such a way that a vulnerability in its web interface could potentially provide access to its database of hundreds of millions of consumer credit profiles, then it was incumbent upon the company to have the resources in place to act quickly on any identified vulnerabilities. Its whole business is collecting and safeguarding a massive stock of valuable data.

The lesson for other businesses out there is to make sure you have a regular patching system in place and that you’re keeping your network and data as secure as possible.