<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=699131483885781&amp;ev=PageView&amp;noscript=1">
Back to Avast SMB Blog

Dangerous Data: Prevention vs. Reaction

Daryll Swager Daryll Swager , 29 January 2019

It was early September of 2017. I muttered under my breath as I tried to confirm my data's involvement in the Equifax hack. The website was slow; I had jumped on immediately after hearing the news, along with tens of millions of other Americans. At that point, I was concerned that my personal data had been compromised. After multiple tries to find out, I got my answer:

I was caught up in the breach.

This one touched a nerve. I had experienced breaches before. For example, my Twitter account was compromised and spammed with false Ray-Ban advertisements. I'd even had my World of Warcraft account stolen at one point in the distant past, and recovery of that account was difficult.

This was different. It seemed bigger, and more dangerous - because it was.

A company with which I'd never done business had collected my sensitive data and failed to protect it. I assumed that my social security number, credit account data, credit history, current and past addresses, and more were in the hands of cybercriminals.

Preventing Hacks vs. Reacting to Hacks

Taking matters into my own hands, I took advantage of the free credit alerting from Equifax. I set watches on all of my retirement holdings, equity accounts, and enrolled in identity theft protection via another website. 

This affected me in several ways...

The stress that came with losing control of my personal data wasn't healthy. An unknown entity had a lot of information about me. What were they going to do with it?

I felt betrayed by a company who should not have had my data in the first place. 

A considerable amount of time and money from my own pocket was spent tracking the breach and taking measures to monitor my accounts.

This is a historic breach in both scale and data sensitivity, and validates the intrinsic value of information in today's digital world. Looking back, there was a chain of events which caused this:

  • First, an application vulnerability had gone unpatched on one application stack that handled dispute claims
  • Hackers exploited this vulnerability to steal cleartext usernames and passwords
  • The cybercriminals then circled back some time later with more tools that helped the data collection appear like regular network/web traffic, and ex-filtrated data from many more Equifax servers.
  • This attack went undetected for weeks or months, even though Equifax knew about the vulnerability. Could the breach have been stopped?

The answer: Prevention was possible.

Looking at this from the company's perspective, this type of breach could happen to anyone regardless of organization size. Budgets are always strained for IT systems and tools, while prevention often takes a back seat to reaction. That's backwards thinking.

Preventing breaches is far less expensive than the financial and reputational damage of a cyberattack

So, if you're in the IT Security department at your organization, do you have adequate breach prevention in place? We're here to help you find out.

Avast Business is offering a free IT security assessment which can help you find out if your business is vulnerable to a data breach or cyberattack. It includes:

  • A series of leading questions to asses how your organization is preventing threats
  • Running an automated tool in your environment (with permission), which will identify strong and weak points in your cyber defenses, giving you a well rounded view of your security posture
  • Your strengths are addressed and recommendations are given to prevent your business from falling victim to cybercriminals.

The adage about an ounce of prevention...

Security Assessment

Related articles

IT Security

5 ways IT service providers can boost security sales

Generating consistent, recurring revenue and finding new ways to continuously provide value to customers is something that many IT providers struggle with.

07 January 2020 16 min read

Network Security

Security appliances – is "all in one" really all you need?

On premise and UTM security appliances often offer "all in one" protection. When in fact, most appliances sized for the mid-market fail to provide the essentials layers of security to adequately protect your clients. If you are using or planning to use an on-premise security appliance to keep your customers safe from cyberthreats, here are a...

05 September 2019 6 min read

Network Security

The Hidden Costs of Network Security and UTM Appliances for SMBs

The interesting and attractive part of a network security appliance is that you can just plug it in to your network, get it configured, purchase a support contract with your hardware vendor, and then you're all set. When one takes a look with a focus on other costs, however, the flaws and blemishes become clear. Let's take a look at some of...

21 August 2019 8 min read