Cyberbreach at Equifax could affect 143M U.S. consumers
Kevin McCoy, USA TODAY
Another great example of unauthorized access, and perhaps absent of proactive threat hunting to continuously research and look for possible weaknesses in the Enterprise ecosystem for on going fraud and criminal activities.
This break in was brewing since May 2017 and impacted personal records and credit numbers of about 391,000 consumers and just a mere apology is not enough.
It is time regulators and lawmakers agree and conduct a thorough investigation and find out how involved the board and CEO are with their CISO, their Data officers, Digital officer, CTO…; examine their governance model. In fact this will be a good opportunity to review the current Cyber Security, IT Security and Data Privacy Frameworks
In addition the sell off of shares by company executives should raise brows and it should be investigated. There is no such thing as limited personal data being exposed, criminals work well with little personal data, and they have their ways to access through their criminal acumen or some insider activities.
For an incident of this magnitude I would urge our lawmakers/regulators to summon the vendors, integrators, third party suppliers, chief counsel and all the financial internal and external auditors and put them through a thorough investigative questioning. This should also include review of repository where all key policy, regulations and procedures documents were stored and who all had access. It is important to see where was all the data processed and if cross border data transport has taken place, those locations need to be investigated.
I think it is time to setup an independent commission where unannounced visits should take place at organizations that are providing Cyber security to all our Federal agencies, Financial institutions (vendors, integrators, third party suppliers…), this will eliminate all the unessential crowds that know how to spell Cyber vs the real committed players.
There is definitely a lot of fluff, fraud and false assurances provided to the consumers, and enough is enough. Dear lawmakers I urge you all to please think outside the institutional box, of empty rhetoric. Our country’s infrastructure, our financial institutions, our crown jewels are facing threats on many fronts, it is time to step up the heat and find a new way to identify the threat actors and criminals.