Equifax: the Log4Shell lesson we failed to learn
The Equifax breach in 2017 was largely due to the firm failing to locate its vulnerable Struts software in time to patch it, rather than negligence in patching, reports Pete Herzog. Equifax had assigned no responsibility for the affected apps and databases, and lacked solid procedures for finding and maintaining Java libraries. The failure to test a security rule before applying it to production systems was another significant error. The incident holds lessons for the future, including the need to share cyber security failures with others, to learn from past breaches, and to regularly test and train in cyber defense mechanisms.
Source: www.scmagazine.com