Equifax Breach Shows Firms Still Aren’t Getting the Basics Right Ahead of GDPR Deadline

As each week brings the 25 May 2018 deadline for GDPR compliance closer to hand, we seem to be faced with yet another report highlighting poor levels of preparedness among organisations. Recent findings reveal that an astonishing 64% of UK firms have not yet begun preparations for the sweeping new data protection law. Yet as shocking as these stats are, a far more effective way to focus the minds of IT security and business leaders is to highlight some recent big-name data breaches and consider how the companies affected would have been treated in a post-GDPR world. For Equifax, there’s particularly…

The Equifax Disaster: Technical Controls — ICIT’s Synopsis of America’s In-Credible Insecurity

The following excerpts are from the Technical Controls section of Part-1 of the ICIT Equifax report entitled “America’s In-Credible Insecurity,” written by James Scott, Sr. Fellow, Institute for Critical Infrastructure (ICIT). Technical Controls Data Encryption Data should be protected according to its value and the potential harm that would result if it were stolen. Encryption does not prevent adversaries or insiders from exfiltrating data; however, it does deter or prevent attackers from exploiting the stolen data unless they spend significant additional resources breaking the encryption or stealing the decryption keys. Data Loss Prevention Data loss prevention is the employment of…

The Equifax Data Breach Disaster: ICIT’s Synopsis of America’s In-Credible Insecurity

The following are some of the key points excerpted from Part One of the ICIT Equifax report entitled “America’s In-Credible Insecurity,” written by James Scott, Senior Fellow, Institute for Critical Infrastructure. This polemic 32-page report is an essential read for security practitioners, executives with responsibility for data security and privacy and a profound warning for CXO’s and board-executives in companies with responsibility for protecting Personally Identifiable Information, (PII). The recommendations offered in this ICIT report can help consumers and organizations alike mitigate some of the emerging attack vectors and regain a semblance of control over their identity, sensitive information and…

Equifax Data Breach: Stock Drops More Than Five Percent

Equifax announced today that it was hit by a cyber security incident, potentially impacting 143 million consumers in the U.S. According to the company’s press release, “criminals exploited a U.S. website application vulnerability to gain access to certain files.” The “information accessed primarily includes names, Social Security numbers, birth dates, addresses… [and] credit card numbers.” After news of the breach broke, Equifax’s stock price dropped five percent. This is directly in line with a recent Centrify-commissioned Ponemon study, which found this to be the historic average on Day One. Moreover, Equifax’s stock price dropped 13-14 percent the day after its breach…

IAM Best Practices to Reduce Your Attack Surface

When I read the 2017 Verizon data breach report, I couldn’t help but notice that it would be relatively easy to reduce an attack surface by implementing a few best practices. Granted, that might mean you will need to spend some money, but considering that a breach could cost you $15 Million or more, according to Ponemon, and considering that 81% of breaches involve a weak or stolen password, wouldn’t it make sense spending your money where it has the most impact? Organizations need to reduce their attack surface! Now before I share tips provided by Verizon and Centrify on how you…

Game of Thrones Hack: Winter Has Come for Passwords

The recent security breach at HBO of confidential data including Game of Thrones scripts, cast personal details and administrator passwords highlights the vulnerability of password-only protection. The breach involved hackers stealing about 1.5 terabytes of data from HBO systems — more than seven times as much as the 200 gigabytes taken in the 2014 Sony hack — including scripts for five Game of Thrones episodes and two unreleased episodes of Ballers and Room 104. Passwords Alone Are Not Enough to Stop the Breach The hackers have reportedly released numerous confidential documents, including one with a list of personal phone numbers,…

Four Things You Don’t Know About Cybersecurity… That You Should

Ponemon Institute recently conducted a survey, sponsored by Centrify, designed to more deeply understand the current state of cybersecurity. The Impact of Data Breaches on Reputation & Share Value: A Study of U.S. Marketers, IT Practitioners and Consumers examines differing perspectives across a number of security topics. I’d like to focus on IT professionals at this time, as I believe the results are enlightening, to say the least. 43 Percent of IT practitioners said their organization had a data breach involving sensitive customer or business information in the past two years. This tells us that more than one in five organizations…

How are CFOs Affected By a Security Breach?

Centrify teamed up with security researcher Ponemon Institute to survey a large group of IT, information security, senior marketing and communication professionals as well as a healthy number of consumers. A key objective of the study was to get a handle on the financial impact of a cyber security breach on a typical organization. The bottom line (no pun intended) is that, the day the breach makes headlines: Your stock price will drop between an average of 3% to 7% when breach is announced You stand to lose a significant number of your customers You will see a corresponding loss…

Breaches Rank in Top Three Negative Impacts on Brand Reputation – Above CEO Scandal

A recent Ponemon Institute study set out to examine the attitudes and perspectives of three key stakeholder populations inside a business environment: Marketing practitioners, IT practitioners and consumers. A key objective of the Centrify-sponsored study was to understand the impact of a data breach on a company’s customers, stock price and overall brand reputation. Among the survey’s key findings: A data breach now outranks a scandal involving the CEO in terms of adverse impact on a company’s reputation. In fact, breaches ranked in the top three most negative events, following shoddy customer service and an environmental incident. Negative Affects on…