Equifax would not have happened on our watch!
M. Ariel Evans
CEO and co-founder of RiskQ - the #1 cyber risk quantification platform. Inventor, author, and Chairperson of Cyber Intelligence 4U - continuing education cybersecurity programs in conjunction with major Universities.
Due to a flaw in a tool designed to build web applications, hackers were able to access personal data of 143 million Equifax customers, the company said in a press release. Furthermore, Equifax admitted it was aware of the security flaw a full two months before the company says hackers first gained access to its data. Equifax opted not to patch the vulnerability. The company's security department stated that it "was aware of this vulnerability at that time, and took efforts to identify and to patch any vulnerable systems."
The issue is not that they were aware. The issue is that they did not understand that the effects of a breach of this technology would not be isolated to the system. It would impact other high-value systems that process the crown jewel assets of Equifax’s business – the privacy data (name, identification number, address, email, etc.) and credit ratings of its customers. As a result of the breach, Equifax's chief information officer and chief security officer were “retiring”.
"There's really no excuse whether it's a difficult patch or not, for an organization of that size with that kind of magnitude of data," said Jon Hendren, director of strategy at security firm UpGuard. "When you're a big organization like that, it's a systemic failure of process and the blame goes straight to the top."
InnoSec’s STORM is cyber risk management software that demonstrates how the business is impacted by the effectiveness of cyber security tools, people and processes.
It provides a clear line of sight into systems that are impacted by unpatched technologies and shows how isolated or localized the impacts of a breach are. Without this visibility, it is impossible to understand how cyber remediation should be prioritized.
Reports are generated that alert key personnel to just this type of situation, allowing actions to be taken before a disaster happens.
GisermanGroup.com GETS YOU NOTICED! |Media Consulting
6 years ago: Perfect Message!
Consulting Director @ Cyber Startup Observatory
6 years ago: Great article, thank you very much Ariel. Innosec's solution seems to be great to bring awareness of cybersecurity risks and to educate companies on the importance of a consistent cybersecurity strategy.