Lately, I have been going through different cybersecurity cases and trying to understand them beyond just "what happened". More like, what actually went wrong at a basic level.

While doing that, I came across one case which made me think:

Security is not only about stopping attacks, it is about not leaving the door open in the first place.

And that case is of the-

Equifax Data Breach 2017.

This breach exposed sensitive data of millions of users, and what caught my attention was not how advanced the attack was, but how preventable it actually looked.

The attack happened because of a vulnerability in Apache Struts, a web application framework. A patch for this vulnerability was already released earlier. But it was not applied on time within the organization. That delay created an open entry point, which attackers eventually used to access systems and extract large amounts of data over a period of time.

What I focused on here is not the attack itself, but the gap.

A patch existed. A fix existed. But it was not implemented.

That small delay, or maybe a missed process, turned into one of the biggest data breaches.

Because in this case, nothing new had to be invented by the attacker. The vulnerability was already known. The solution was already available. The issue was in not acting on it.

Another thing that became clear is how simple things scale. One missed patch on one system does not stay "one small issue" when the system is part of a large organization. It becomes an entry point into something much bigger.

So what I take from this is quite straightforward.

Cybersecurity is not only about preparing for attacks. A major part of it is about keeping systems updated, reviewed, and maintained regularly.