Insights from Uday Ali Pabrai
Organizations should learn from the experience of Equifax and others so cybersecurity and compliance programs can be better positioned for 2020.
Here is a summary of key facts associated with the Equifax breach:
- About Equifax: Among the largest credit-reporting firms
- Exposed nearly 150 million Americans’ personal information
- About $700 million settlement with the FTC and the AGs of many states
- Breach Disclosed: September 2017
- Personal information compromised included: SSN, birth dates, addresses
- Hack fact: Among the biggest consumer-data breaches
- How did the hackers compromise Equifax?
  - Hackers were able to make their way into Equifax’s systems through a software flaw that the company neglected to patch
  - A malfunctioning scanning tool allowed hackers to roam undetected in the Equifax network for months
- Impact of the Equifax breach? Within weeks of the breach announcement, the CEO retired and state and federal officials launched investigations
- Equifax cyber budget: Equifax is on track to spend $1.25 billion enhancing security systems and upgrading technology
- Equifax cyber areas of improvement: Focus on cyber defense capabilities, patch management, and disaster response protocols
Lesson for Businesses: Perform a comprehensive and thorough cybersecurity risk assessment. Remediate gaps. Develop a credible cybersecurity program (plan), an incident response plan and disaster recovery plans. Implement active monitoring capabilities. Ensure a skilled cyber team is in place. And, critically, the CISO reports to the CEO monthly and to the Board quarterly – without exception! Contact Ali Pabrai at Ali.Pabrai@ecfirst.com for an infographic on active cyber defense.
Date: July 29, 2019