Equifax and Never Look Back (Wrong!)

One of, if not THE most notable breach of 2017 was revealed by Equifax Inc. (NYSE: EFX), in which their organization was hacked through the exploitation of “a U.S. website application vulnerability to gain access to certain files. Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017.” This exploit lead to the compromise of sensitive personally identifiable information (PII) including birth dates, addresses, social security numbers, driver’s license numbers, and credit card information.The estimates of how many consumers affected worldwide began at 143 million and rose to a figure that still cannot convey the magnitude of impact of a breach from a large, global organization trusted with handling critical data.In the wake of this incident, news media and security analysts alike have commented on what this means for Equifax, for the cyber security industry, and really, for all businesses and consumers.Without going into too much detail, I’ll just say it is bad news. Perhaps worst of all, is what a few recent surveys have indicated about the response to the Equifax breach.In a survey from CreditCards.com, which polled 1,000 Americans from across the United States, found that a large amount of individuals were unaware that a breach had taken place.

Based on the poll's findings, researchers estimate 71 million U.S. adults – around 30 percent of the country's adult population – haven't heard anything about the breach revealed on Sept. 7. And only 61 million Americans – roughly 42 percent of those potentially impacted – are believed to have actually checked their credit scores or a credit report during the first two weeks after the breach was announced.

Unfortunately, a lack of awareness about the breach is only the tip of the iceberg.Veracode, in a survey of corporate leaders to gauge their understanding of secure software, found that less than 5 percent say the Equifax breach “prompted them to rethink their business' approach to cybersecurity.”Additionally, of those leaders polled, one-quarter do not understand threats like ransomware, phishing attacks, DDoS attacks, and malicious insiders.These findings, which are especially concerning, point to something many of us may already realize- we are not a security-minded culture as a whole. But, I think from a corporate leadership perspective, the lack of ‘security mindedness' is especially shocking.Nowadays, business leaders have no choice but to be knowledgeable about cyber security and the vulnerabilities that could have staggering effects on their constituents. These leaders don’t need to be asking, “what if we get hacked?” but rather “when will be get hacked?”I’m sure many of you have heard this all before, and yet the numbers indicate that it needs to be reminded.If the Equifax breach does not prompt you to evaluate the security of your organization, what will? Realistically, you should constantly be auditing your systems, looking for ways to improve, and learning from the mistakes of others, not only from the perspective of “how could we/they have prevented this?” but, “how could we/they respond best in the aftermath?”In today’s digital culture, your reputation has only increased in value and has become much harder to monitor and maintain. This is not only from a corporate perspective, but from a personal perspective as a consumer as well.Regular monitoring of your credit as well as your bank account is a proactive step to ensure someone is not misusing your assets. Imagine waking up to find that for over a year someone has opened lines of credit in your name- this could have a lasting impact on your score and make it difficult for you to regain credibility to lending authorities.All of this stems back to creating a culture of security, a culture in which individuals are constantly learning about cyber security and keeping informed of the latest news events. As you may recognize, this ties closely to the Cybrary mission.We want security to be at the top of mind for our members always and we encourage you to question and discuss the latest tools, technologies, breaches, methodologies and create an environment where everyone has what they need to be competent and confident.We have so much to learn from one another and should feel empowered to contribute our knowledge to Cybrary. Members are now not only able to submit their articles through 0P3N and engage with each other on the forums but are able to submit entire courses. You don’t have to be a professor in order to contribute, just have knowledge to share.Defining a culture of security on our platform that expands out into the world and reaches our business leaders is what we should all be mindful of at all times. We have the power to do that with our knowledge; that is the beauty of Cybrary.Olivia Lynch (@Cybrary_Olivia) is the Marketing & Communications Manager at Cybrary. Like many of you, she is just getting her toes wet in the infosec field and is working to make cyber security news more interesting. A firm believer that the pen is mightier than the sword, Olivia considers corny puns and an honest voice essential to any worthwhile blog.