The event wasn’t really anything new. Like the occurrence of hurricanes, tornadoes, volcanic eruptions, earthquakes, wild fires and other major natural calamities, data breaches come around from time to time almost as naturally and expected as Mother Nature’s furious punishments. Differentiated from one another by a numeric sliding scale that measure their severity and the totality of their mayhem on the populace, natural disasters are recognized as unavoidable as they routinely play havoc on populations all around the world.
Data breaches, while unfortunately common in today’s data driven world of commerce and social interaction, can be defended against by pre-breach, cybersecurity deployments that may lessen their impact or result in their total avoidance. Breaches of consumer’s private information are not yet measured by a numeric scale of severity, but the latest data breach at Equifax just may have raised the upper limits of the damage impact bar.
The recent Equifax incident resulted in the privacy of 143 million customers being violated, but the total impact may be much larger and may initiate additional unintended disclosures of financial information by hackers for some time to come. The domino effect may continue for years given that the most noted information stolen was customer’s social security identification numbers. With this one number, bad actors are capable of unlocking and laying bare all there is to know of an individual’s identity. Unlike credit card information, Social Security numbers are for life.
Surprisingly this was the third time Equifax had been hacked this year. To not learn from the previous experiences and enact additional safe guards to avoid additional breaches is a failure of leadership and culture as much as a failure of network security. “Equifax sits on the crown jewels of what we consider personally identifying information,” says Jason Glassberg, cofounder of the corporate security and penetration testing firm Casaba Security. “You’d think a company like that, guarding what they’re guarding, would have a heightened sense of awareness and that clearly was not the case.” Equifax has provided a website where customers can find out if they are impacted by the breach but has no intention on notifying consumers if they are impacted. The company will provide affected consumers with the option to enroll in TrustedID Premier for a period of one year.
With more than 2,200 data breaches occurring so far this year alone, companies need to step-up their preparations for responding to an inevitable breach. To effectively secure personal information and networks, company leaders need to understand that that privacy and security are coequals. Applying concepts of basic cyber hygiene and realizing that cyber security is an integral part of the company’s overall operations is essential.
Prior to retiring, Richard Smith, CEO of Equifax said, “Equifax will not be defined by this incident, but rather, how we respond.” The comment was seen as wishful thinking at best. Equifax will most assuredly be defined by this breach and the disparate response to it for decades to come. Being at the top of the most memorable list is not a good or profitable place to be when it is the list of the most monumental failures. After two decades and millions of dollars spent on cybersecurity the saga of failure and the effects on consumer’s privacy is bound to continue. Maintaining the status quo is clearly not an option.
Are you prepared for your next cybersecurity failure?