Travel back in time to early March. At this point, the 2017 AFITC Conference was still almost six months away. In Shanghai, Nike Zheng had recently discovered and reported a security flaw in Apache software. Apache, for their part, published the flaw and a software patch on March 6th.
Apache HTTP Server, commonly known as just Apache, serves an estimated 46% of all active websites, and while hard statistics on the number of active websites are difficult to come by, most estimates put the number currently around 1,000,000,000. That would mean the Apache security flaw discovered in May would potentially affect 460 million websites.
By March 10th, the security flaw was already known in hacking circles and hackers had found a vulnerable target – Equifax. Over the course of the next four months, hackers were able to extract the names, addresses, birth dates, and social security numbers of nearly 145 million Americans. Remember when we thought the United States Office of Personnel Management breach of the data of 22 million was bad? Unfortunately, for each of those 145 million Americans, the loss of this personal information is permanent. The risk of having your identity stolen won’t end tomorrow or next year or the year after that.
An investigation into this breach isn’t over, but it has revealed a few things already. First, companies, individuals, and really anyone online have to keep cyber security top-of-mind. Second, despite many of the expensive systems and software Equifax used, they were still vulnerable. Perhaps it was poor management? Maybe it was simply people doing a poor job? Regardless, attacks are a constant threat. They aren’t going away, and they are only growing in scale and severity.
It’s apt to remember that, not unlike the dinosaurs, if you’re not evolving as quickly as the world around you, you’re going extinct.