sb-nz logo
Story image

2017 Equifax breach: Impact and lessons learned

02 Oct 2017

By Rick Holland, VP Strategy at Digital Shadows

Equifax experienced a data breach that occurred in mid-May 2017, was first discovered on 29 July 2017, and was publicly disclosed by the company on 07 September 2017.

The breach affected 143 million individuals in the United States, Canada and the United Kingdom. Immediately after the disclosure Equifax faced widespread criticism from the media, researchers and customers. There have also been allegations of insider trading and legal implications.

In our paper Equifax Breach: Lessons Learned for Your Organisations, we outline how the events surrounding the breach demonstrate several important learning points organisations can use to inform their own security posture.

The largest immediate impact to Equifax was loss of investor confidence; the share price dropped 34 percent within eight days after the breach disclosure. The company also risks revenue loss resulting from reduced business, especially considering customers’ loss of confidence in the company to secure data. As with all data breaches, Equifax will also incur financial losses through its responsive investigations and, likely, costs resulting from lawsuits.

Swift public criticism followed around Equifax’s security posture, its handling of the breach and the exposure of the sensitive customer data. Some employees have been accused of insider trading, and others have reportedly left their positions, such as the chief security officer and chief information officer. Reputational damage may have a mid- to long-term effect on the company’s revenue generation and a prolonged impact on its finances.

The key lessons organisations can learn from this event are:

Maintain an external view of your digital footprint to be aware of what an attacker can access, what is vulnerable to attack and what methods attackers are using against your sector.

Establish and maintain a threat intelligence program, and act on the intelligence; Digital Shadows provided clients with multiple alerts about exploitation of the vulnerability that affected Equifax, prior to the intrusion.

Implement and follow general cyber-security good practice measures, such as defence-in-depth and including vulnerability management. Plan as if an attacker will compromise your network and ensure your sensitive information will be protected.

Assume a breach will occur and plan for this outcome. Ensure people, processes and strategy are in place in advance of it.

Control knowledge of a breach to trusted individuals and prepare for announcements by analysing the possible consequences of decisions.

Communicate clearly when a breach happens, stating the knowns and unknowns publicly. Speculation from media and researchers can damage reputation.

Look for your compromised data online, to try to discern the attacker’s motive. Understanding whether the motive was financial gain may help mitigate against prolonged malicious activity.

Story image
Gigamon & FireEye tackle security in hybrid cloud environments
The partnership is an extension to a ‘long-standing’ relationship that aims to ‘simplify, secure, and optimise hybrid cloud environments’.More
Story image
From Me to We: Partnerships & multiparty systems in the post-COVID-19 age
MPS is all about sharing data infrastructure between people and organisations - think along the lines of blockchain, distributed databases and ledgers.More
Story image
Microsoft Exchange breach a wake-up call to ditch the server
"There are owners who still have in-house exchange servers because they are suspicious of the cloud or have concerns about their data sovereignty or don't want to contemplate the capital expenditure. But the warning is clear. Get rid of them."More
Story image
Why a more secure organisation is a collective responsibility
With vast volumes of data moving to the cloud, many IT professionals are frequently challenged to protect their enterprise environment, and there is a greater focus being placed on advancing cybersecurity strategies.More
Story image
Video: 10 Minute IT Jams - Who is Okta?
Okta is an identity and access management company, specialising in secure user authentication. It's an enterprise-grade identity management service, built for the cloud, but compatible with many on-premises applications.More
Story image
Interview: SAS outlines the seven AI-based trends you'll see in 2021
Artificial intelligence has, let's face it, been the subject of much hype, of experimentation, and in some cases, pipe dreams.More