Over the past few years the number of companies either ‘fessing up to data breaches or being outed for them by the media has dramatically increased, as has the scale of those breaches. Far too many companies persist in the fantasy that “it will never happen to me”. Rather than accepting the inevitability (in some form or another) and putting mitigation technology in place, they ignore the threat, tiptoeing down sniper alley as fellow corporates with similar attitudes drop around them.
A couple of years ago, Equifax was the victim of a massive breach. Around 143 million American and 700,000 British citizens lost a variety of data including social security numbers, birth dates, addresses and even driver’s licence IDs. To make matters worse, the way in which Equifax reacted to and handled the breach was a lesson in what-not-to-do. Disclosure delayed so that company executives could sell $2 million worth of shares demonstrates the unpreparedness, sheer dishonesty and bungling at the top tier of the company. Were Equifax serious about security? Their Security Chief was qualified as a Music Major, whose login credentials were up for grabs on the dark web, and the company database sign-on was set to admin/admin. Come on! Really? This is a company whose primary function is to deal with personal information and which is one of the largest in the world!
In September 2018 the U.S. General Accounting Office (GAO) released a comprehensive report that examined the reasons for the breach and the company and governmental actions since the breach. Much was promised but very little has been done: $200 million was earmarked for additional security systems, but attitudes on the senior board have not produced any real change in Equifax’s outlook, and they seem entrenched in a one-hit-wonder mentality. Senator Elizabeth Warren commented on Richard Smith, CEO of Equifax, that he was… “At best incompetent; at worst complicit. Either way, should be fired.”
The motto of Lee Child’s literary hero Jack Reacher, “hope for the best, plan for the worst”, is probably the best advice in security terms that a company can take. If you’d like some help on the best route to take for your business, we’ll be discussing all things security in our ‘cyber zone’ at Techfest in June. Failing that, you could always get Jack on your side and put him in charge!