We are hearing a lot of horror stories about the Equifax breach. But what can we learn as company executives to keep this type of calamity from happening in our own companies? What can we do differently to make a difference? Strike two: Equifax did not find out about the breach for over a month. This means that the hackers and cybercriminals had lots of time to do damage and steal valuable information. Imagine what a hacker can do in a month.
The third strike is that Equifax did not inform the public about the breach for another month. This is particularly egregious given that the information covered 146 million Americans, and that it was not given to Equifax to hold in safekeeping; it was information that was simply collected about people. It is another strike.
What About Strike Three?
Well, strike three is that they got breached in the first place. A company like Equifax, with a large user population and a huge responsibility for all of this data, should be treating this differently. Unfortunately, they have not. They were not prepared for this attack, and they did not apply proper due diligence to their own cybersecurity plan.
I believe attacks like these give great impetus to the movement to start moving major parts of our financial infrastructure over to the blockchain. This type of attack would not have been possible if it was run on the blockchain. Consumers would have controlled their own data, and it would be encrypted by algorithms that have never been broken.
What Should Be Done?
First, any company that is serious about keeping its data secure should be employing aggressive, proactive tactics, such as active monitoring of your attack surface, meaning you should be looking for the next attack. Check out this previous post where I talk about this here. The concept of preventive measures is essential.
The days of waiting around to respond to the next attack are over. You can see what hackers will do if you employ this type of reactive strategy. They are very good at hiding their tracks. So let me ask you: How involved are your senior executives in your cybersecurity posture? Do you have a CISO? Are they qualified to work in this critical area? When was the last time your cybersecurity specialists went to training to discover the latest exploits and vulnerabilities? Time is ticking.