Equifax’s data breach of nearly two years ago hasn’t taught a majority of Fortune 100 companies a lesson, with reports stating that most are using the same vulnerable version of software that enabled hackers to infiltrate Equifax.
According to a report citing data provided by open source automation company Sonatype, in the second half of 2018, two thirds of Fortune 100 companies downloaded versions of Apache Struts with the same vulnerabilities that Equifax had when it was breached. And that comes even with nearly two years’ worth of patched Apache Struts available in the marketplace.
The report noted that Sonatype won’t name names, but did say the group that downloaded the vulnerable software includes more than half of the 26 Fortune 100 financial companies, 19 energy companies and more than half of all healthcare and tech companies that make up the Fortune 100. In total, more than 18,000 businesses have downloaded the vulnerable version.
The data provided by Sonatype comes at a time when all companies and industries are bracing for more cyberattacks in 2019. As the hackers get more sophisticated, they are employing tactics that the companies aren’t prepared for.
Take Robert Ackerman, Jr., founder and managing director of cybersecurity venture firm AllegisCyber, and co-founder of DataTribe, a cybersecurity startup in Washington, D.C. In late December, he warned that companies should brace themselves for a rise in data breaches this year, thanks in part to malware that is constantly improving and being deployed more aggressively. Ackerman urged companies to be on the lookout for artificial intelligence (AI)-driven chatbots that can do the bidding for the bad guys, getting people to click on links that have malicious code installed on them or download files that are designed to help a hacker get inside. The cybersecurity expert also expects a big uptick in nation-state attacks, in which routers and networks connected to storage devices are infected.