Equifax is receiving a one-two punch after announcing a breach that compromised as many as 143 million American consumers. To put that into perspective, 143 million consumers is almost half of the U.S. population.
Equifax and its customers are just beginning to understand the consequences of the breach. But the remediation efforts made public have come under fire, and the Equifax brand is tarnished further with each new headline and each social feed filled with vexed consumers.
The initial details on the breach are alarming, as there are several indicators that this may have been caused by attackers with nation-state affiliation.
Punch one: While the initial headlines for the Equifax breach established the magnitude and severity of the situation, the following may have been more damaging to the brand’s reputation:
The timing of the breach announcement, after three Equifax senior executives sold a significant amount of shares, is causing negative speculation and public distrust of the corporation’s officers and advisors.
What the public (and, let’s be honest, most organizations) might not be aware of is that the average breach takes 8 months to detect, according to the latest Verizon Data Breach Investigations Report (DBIR). That said, a strong security strategy will incorporate proper means to mitigate the risk of a breach going unseen for months.
Punch two: Equifax continues to lose public favor as individual customers express their opinions on what they deem a subpar remediation plan.
Equifax launched a web property to offer assistance to potential victims of the breach with a free credit monitoring service. The user experience of the website has been heavily scrutinized, as has the understanding that consumers who agree to the free services will not be able to participate in an imminent class action lawsuit.
The Equifax breach should be disturbing both to individuals who could have been breached and to executives responsible for security in their own organizations. Attacks like this seldom happen in isolation. When an organization lacks insight into the security threat intelligence community and has written off cyber security as solely an IT issue to be handled by the same disparate tools year after year, it is putting itself at risk. A regular review of the security strategy is key to mitigating risk. Companies must also develop – and regularly exercise – an incident response plan through tabletop exercises and simulated data breach scenarios. While following best practices is crucial, so is understanding that these best practices must continue to change and evolve as quickly as the ever-changing threat landscape.
Our mission is to build close partnerships with our clients, serving them not only as a vendor but as trusted advisors helping them to build effective, proactive plans. Our focus is always on both the technical and human elements within an organization. We believe in comprehensive strategies designed to harden networks, deflect attackers, and rapidly recover from incidents. As technology progresses, so too do our tactics, ensuring our experts are always prepared to serve forward-looking leaders who are eager to stay ahead of emerging threats.