Did the Equifax Breach Just Make the CISO’s Job Easier?

If you’re accountable for your organization’s security, it’s safe to assume that you’re up against some internal challenges in creating an effective security strategy, implementing it, and winning full support and adoption from leadership and the workforce.

Creating a holistic security plan is time-consuming and pricey, and the plan is constantly evolving. To make the effort more arduous, the traditional C-suite doesn’t always have security topics and budgets built into the primary agenda of planning and board meetings. But that’s starting to change – thanks to some of the most hard-hitting headlines in the recent news, along with changes in cyberattack trends.

Recent Trends Should Make the C-Suite Take Notice

While the Equifax breach has been monumentally devastating to the organization and to the estimated 143 million individual victims, there may be a silver lining for those struggling to gain support for security initiatives within their own organizations. The media storm has exposed, and continues to expose, faults in the organization, from lapses in security to alleged leadership misconduct to hiring practices. When a company’s infosec program is called into question by regulators, shareholders, and the general public, everything else about the company gets questioned too. This narrative is strong enough to get your leadership to sit up in their chairs the next time you bring up your security needs.

Trend 1: Malware Targets Are Changing

It’s important to remember that Equifax isn’t the sole victim of this type of attack. According to Verizon’s DBIR, the most significant change to malware has been a shift away from attackers targeting and infecting individual consumer systems and towards targeting vulnerable organizations with more data available for the taking.

Trend 2: Increase of Nation-State Sponsored Attacks

Per Verizon’s DBIR, 90% of breaches involving unauthorized network and/or system access, identified as cyber-espionage, can be attributed to nation-state sponsored attacks. And while we may never know the full details on the Equifax breach attackers, the magnitude of the records breached indicates that this attack may have been affiliated with a nation-state.

Why Should These Trends Cause Organization Leaders to Take Notice?

Unlike the common hacker looking to exploit the easiest target, attackers sponsored by nation-states have the time, the resources, and a mission to find and exploit vulnerabilities in your organization. And when the data stolen exposes your customers, any negligence in security measures becomes personal, tarnishing trust in your brand.

It’s not uncommon to have security gaps when using point solutions. Without a plan for regular vulnerability assessments and penetration testing in place, you’ll be unable to discover and remediate those gaps.

There’s also a human side to security that must not be overlooked. The right technology can help mitigate some risks, but social engineering is still a threat. Initiating an insider threat program is a recommended approach to creating the specific processes for your needs and educating the workforce.

Now is the time to assess your vulnerabilities, refine your security strategy, put the right processes in place, and get your budgetary needs approved.

Read more about the Equifax breach and our views in the New York Times.