Security Central: Equifax Struck Down in Spectacular Breach, U.S. Bans Kaspersky Lab

  • Written by Allison Francis
  • September 16, 2017
This week’s Security Central takes a peek inside Equifax’s massive security breach, explores the ban on Kaspersky software, and takes a look at the true cost of a worldwide data breach.

So, not a great week for credit-reporting company Equifax. If you’ve set one toe out of the house or even glanced at any form of media since last Friday, you know about the Equifax security breach that exposed the personal information of 143 million customers in the U.S., Canada, and the U.K. That is a lot… of people.

The attack is being classified as one of the most intrusive security breaches in history, with the stock falling the most in almost two decades. Hackers drilled into a website application and were able to access names, addresses, Social Security numbers and driver’s license numbers, Equifax said in a statement last Thursday.

“This is massive,” said Paul Martini, chief executive officer of Iboss, a cybersecurity firm. “This overshadows any other breach that we’ve seen to date — not just the volume, the size, but the type of data that was in that database.”

According to Wired, the vulnerability that attackers exploited to access Equifax’s system was in the Apache Struts web-application software, a widely used enterprise platform. The Apache Software Foundation wasn’t too remorseful about this, however. The foundation said in a statement on Saturday that, though it was sorry if attackers exploited a bug in its software to breach Equifax, it always recommends that users regularly patch and update their Apache Struts platforms.

“Most breaches we become aware of are caused by failure to update software components that are known to be vulnerable for months or even years,” Rene Gielen, the vice president of Apache Struts, wrote.

After the breach became known, security experts wasted no time reminding the world of the risk of consumers’ personal data being exposed online. And Equifax really, really stepped in it with this one – another case of a lesson being learned the hard and embarrassing way. The hackers laid bare the company’s critical vulnerabilities and not-up-to-snuff security practices – errors that left the company wide open to being breached.

This is a particular problem for the huge number of people who trust credit-reporting agencies like Equifax to handle and protect their sensitive financial information. (As reported by Talkin’ Cloud).

“It’s a huge deal,” said Tim Crosby, senior consultant with security-assessment firm Spohn. “You would expect these guys to have compartmentalized this data far enough away from a web server — that there would not be any way to directly access it.”

“Equifax’s breach sets things back a bit in terms of the financial industry’s attempts to boost security measures and prevent attackers from gaining access to financial information,” said Ferruh Mavituna, President and CEO of Netsparker, a web application security company.

“The Equifax hack is a perfect example that highlights how businesses can get bitten if web application security is not taken seriously. Researchers identified a cross-site scripting vulnerability on their website back in 2016, yet Equifax never responded to their reports and never fixed it.” (As reported in a previous article about the breach by The VAR Guy).

A real head-scratcher for those of you in the IT channel. There are countless examples of companies – both big and small – foolishly leaving themselves open to these kinds of attacks. When will organizations get smarter and take the proper security measures? What’s the solution?

Our second story revisits an old one – our Russian pals at Kaspersky Lab. There has been some heated back and forth between the U.S. Government and the cybersecurity and anti-virus provider, and it has finally reached a resolution. Well, sort of…

According to The Washington Post, the U.S. government has banned federal agencies from using Kaspersky Lab security software over suspicions the company may be tied to state-sponsored espionage. Yesterday, Homeland Security Secretary Elaine Duke issued a directive giving six federal agencies a timeline to get rid of the software from government networks.

The Department of Homeland Security “is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks,” the department said in a statement. “The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security.”

Kaspersky of course fired back, saying in a statement Wednesday that it “doesn’t have inappropriate ties with any government, which is why no credible evidence has been presented publicly by anyone or any organization to back up the false allegations made against the company.”

It also said that the Russian law requiring assistance does not apply to the company.

“Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage or offensive cyber efforts, and it’s disconcerting that a private company can be considered guilty until proven innocent, due to geopolitical issues,” Kaspersky said. “The company looks forward to working with DHS, as Kaspersky Lab ardently believes a deeper examination of the company will substantiate that these allegations are without merit.”

In a briefing with The Independent, R. David Edelman, who leads a cybersecurity project at MIT’s Internet Policy Research Initiative and Centre for International Studies, said that the move signals “the idea that we’re in a chilly period for U.S.-Russia relations, especially on cybersecurity matters.” I mean… what else is new…

Our final story this week digs down into the true cost of a worldwide data breach. To start things off, here’s a fun number: $53 billion. That is the current prediction of the true cost of a worldwide data breach. Yikes.

Crosby says the actual costs of security breaches aren’t just financial – they’re also in the court of public opinion.

“Where companies turn for help after serious data breaches must include a sizable public relations crisis management component to contain a potential firestorm of financial and perception losses,” says Crosby.

Per Crosby, companies must be diligent in their monitoring and vigilant for security breaches. It is a constant duty to ensure their data and that of their customers is safe. So, what can be done to stem these attacks and minimize the data? Crosby says utilizing big data analytics to ensure any anomalies are quickly detected and shielded is the key. “A cybersecurity team must be vigilant about the activity on the network,” advises Crosby.

For providers, to prevent permanent damage to data and network systems, businesses should employ a host of protection programs that notify personnel when a threat exists.

The views expressed in this column do not necessarily reflect the views of Penton Media or The VAR Guy editorial staff.
