We’ve already written twice here at Appknox about one of the world’s biggest cybersecurity breaches. Today, around one year after the Equifax hack, we’re looking back at how hackers entered the company's systems to steal the personal and financial data of over 147 million people. This data included Social Security numbers, dates of birth, home addresses, and some driver's license numbers and credit card numbers.
It is common for a company to sense heightened danger after a data breach, but it is less common for businesses to feel the same before one occurs. Generally speaking, the costs before and after a data breach are incomparable. Although this may sound overused or hyped up, the Equifax hack shows it to be true. Let’s take a look at the trouble Equifax went through, all because they took the pre-breach threats very lightly.
1. Compromise of personal and private data
The magnitude of data lost during this breach was immense. Not only was it a high-volume data breach, but the type of content that hackers got their hands on was simply priceless. It isn’t comforting as a consumer to know my personal and private data is in the hands of bad people.
2. Massive brand reputation damage
To put it simply, when your consumers' data is compromised and out in public, there is just no coming back from an inexcusable mistake like that. Tons and tons of your consumers are going to turn away from you, because when trust is betrayed you rarely get a second chance.
3. Massive remediation spends
In the year since the breach, Equifax has invested $200 million in data security infrastructure. The now acting CISO, Farshchi, says that Equifax has given him the resources he needs to build a stellar security program. Although it's a step in the right direction, it's one small step taken very late. Basically, we're saying all this could have been easily avoided.
4. Data breach penalties
US cybersecurity laws are known to be amongst the strictest in the world. A data breach certainly is not going to go unnoticed or unpunished. If the Democrats’ measure had been law at the time of the incident, Equifax would have been forced to fork over $1.5 billion to the feds, the lawmakers estimate. That’s because their measure would allow the FTC to fine credit-reporting agencies $100 for each consumer whose personal information was stolen by a hacker, and another $50 for each additional piece of personal information compromised per individual. Total fines would be capped based on a credit-reporting agency’s revenue but could increase further if the likes of Equifax failed to follow basic cybersecurity practices. Apart from the huge penalty, Equifax still devotes a huge chunk of time to fighting it out in court.
5. The hiring of new resources
Apart from running around and trying to build new security capabilities (because obviously what they were doing didn't work), Equifax decided to start its overhaul from the top down. They spent a massive amount hiring a huge name in information security. Let's not even try to put a number on what he or his new team would have cost Equifax. All this because the prospect of a hack didn't sound as alarming before the breach as it did after.
If it didn’t sound important enough coming from us before a breach, then hear it from the mouth of the man Equifax themselves hired to get them out of this mess.
In the words of Jamil Farshchi, the CISO recently hired by Equifax: "One of the things that I really love about being a CISO in a post-breach environment is it gives you such an immense opportunity to drive fundamental, meaningful change in a very short timeframe. I felt like I did good things when I was at Los Alamos or at NASA, but it takes so frickin' long to push some of this stuff. The barriers you face at any company not post-breach is you're always fighting for budget, you're always fighting for facetime, trying to justify and convince people about the importance of security and risk management. When you're in a post-breach environment, everyone already knows that it's critically important."
Add all this up and put a number to it. Do you think it’s worth all that trouble? There are great security solutions out there at costs you can easily afford. There’s a lot at stake, so we’d suggest taking the pre-breach situation much more seriously before it’s too late. A breach could happen to a business of any size, and at the end of the day the damage done has the same lasting effect. If you are a business that has concerns, let Appknox help you set up a security strategy.
We fight for a larger cause and it's worth more than just a meager business deal to us.