New Information Shows the Breach Worse than First Reported
How worried should you be about last year’s Equifax data breach?
How worried should you be about last year’s Equifax data breach?
Topics: Equifax data breach, Latest Publications
Equifax, one of the major credit reporting agencies in the U.S., reported a data breach Sept. 7 that affected 143 million consumers. The hack is one of the largest ever recorded and may have released personal details of an estimated 44% of the U.S. population.
According to The Apache Foundation, makers of an open-source software used by Equifax to create Java web applications, cybersecurity professionals offered Equifax security updatesthat would have resolved the vulnerability two months prior to the hack.
The U.S. Federal Trade Commission, the congressional House Oversight Committee, the Consumer Financial Protection Bureau, multiple state-level attorney generals and departments of financial services have all begun an investigation of the breach and Equifax’s cybersecurity incident response.
This week Equifax announced that their Chairman, Richard Smith, has stepped down as CEO following the cybersecurity breach. The week before, Equifax’s chief security officer and chief information officer stepped down as well. Despite the distance that exists between the senior executives of large organizations and their IT professionals, executives are largely held accountable for oversights, especially when they have a negative impact on consumers.
Corporate directors need to pay attention to the wide range of cybersecurity risks uncovered by this attack, and should implement measures to address any vulnerabilities their companies face. In times like this, any board will come under extreme scrutiny. They will be asked how they handled several executive issues, including board management, data privacy oversight, and executive compensation policies.
In particular, all boards should be concerned about cybersecurity policies and examine their capacity to defend against today’s rapidly expanding data theft. Henry Stoever, Chief Marketing Officer at National Association of Corporate Directors (NACD), says, “There are two kinds of companies: those that know they’ve been hacked, and those that don’t know they’ve been hacked.” Accordingly, Stoever states that there are six action steps for corporate directors to take to improve cyber security measures:
In a statement released to the public, Equifax CEO Richard F. Smith stated “This is the most humbling moment in our 118-year history.”
Equifax has the opportunity now to refine their accountability practices. Public opinion and stock value for Equifax have suffered as a result of the incident, the late release of information to the public and the subsequent discovery of issues with the company’s phone system and website. Taking steps to ensure regular assessment of their compliance and performance would go a long way in earning back the public’s trust.
The lesson here for every board member is that cybersecurity is an increasingly importantenterprise issue that affects all levels of an organization’s operation. It requires comprehensive strategy and risk assessment. Cybersecurity is complex and must evolve quickly to combat cyber threats of increasing severity. These threats can cause significant financial, competitive and reputational damage.
If you’re not sure how to get started with a robust cybersecurity plan, ICE can help. For many companies, our Managed Security Services can cost-effectively solve these issues quickly and completely. Contact us today and let our experts help you improve your company's security and put your risk on ICE.
Topics: Cybersecurity and Board of Directors, Equifax data breach, Cybersecurity & board of directors, Latest Publications
© 2019 ICE Cybersecurity. All rights reserved.