Make no mistake the Equifax Data Breach of about 143 million records (approx. 44% of US population) is one of the largest and ‘will be’ the most expensive data breach in the history. Equifax is one of the four largest American credit agencies alongside Experian, Trans Union and Innovis.
The data breach notification by Equifax should remind us that data breaches are inevitable and these breaches will continue to happen and make headlines.
However, the key message of this breach is the reporting firm took over 5 weeks to publicly disclose the data breach, which means that the personal information of 143 million people was exposed for over 2 months before they were made aware of the compromise. (Please Note: The breach occurred sometime in May and was not even detected until late July 2017)
And to no surprise, the stock market didn’t react well! As of Monday 11/09 the company lost about $2 billion in market cap on Friday, tumbling nearly 14%. (This figure will surely go up)
A proposed class action seeking as much as USD$70 billion in damages nationally to represent 143 million consumers alleges, Equifax didn’t spend enough on protecting data. (Or should we say Equifax did not take reasonable steps to protect information)
With this treasure trove in hand what is the most likely move of the hackers?
- They would be already selling this information on the dark web or negotiating with Equifax for a ransom; or
- Data mining to see if they can use this data for identify theft. Imagine hackers creating countless new identities out of thin air. You’re not the only one who thinks this is a terrifying scenario!
Whatever the reason for this breach or the attack vector was, organizations that hold more personal data than they need, always carry more risk for themselves and their consumers.
In 2016, Microsoft frames digital growth with its estimate that by 2020 four billion people will be online — twice the number that are online now. They predict 50 billion devices will be connected to the Internet by 2020, and data volumes online will be 50 times greater than today and cybercrime damage costs to hit $6 trillion annually by 2021.
This is the real impact if corporations and individuals who are in-charge of cybersecurity do not understand what are the fundamentals of cybersecurity and the difference between IT Security and Information Security.
The lessons from this breach are simple – A breach in cybersecurity can cost a company both financially and damage to their reputation, so it’s imperative that you invest in cybersecurity that is relative to the data classification that you have.
A good starting point will be to identify how information/data is handled in its entire life cycle: In-Transit, In-Use, At-Rest and Disposal.
If you need any help with how to protect your data, have a chat to us today and find out how Kloud/Telstra can help you overcome your specific data security requirements.