Fico has been in hospital since Wednesday when a lone gunman shot him four times, including in the abdomen
Immediately after the disclosure, Equifax faced widespread criticism from the media, researchers and customers. There have also been allegations of insider trading and legal implications. We outline how the events surrounding the breach demonstrate several important learning points organisations can use to inform their own security posture.
The largest immediate impact to Equifax was loss of investor confidence; the share price dropped 34 per cent within eight days after the breach disclosure. The company also risks revenue loss resulting from reduced business, especially considering customers' loss of confidence in the company to secure data. As with all data breaches, Equifax will also incur financial losses through its responsive investigations and, likely, costs resulting from lawsuits.
Swift public criticism followed around Equifax's security posture, its handling of the breach and the exposure of the sensitive customer data. Some employees have been accused of insider trading, and others have reportedly left their positions, such as the chief security officer and chief information officer. Reputational damage may have a mid- to long-term effect on the company's revenue generation and a prolonged impact on its finances.
The key lessons organisations can learn from this event are:
Maintain an external view of your digital footprint to be aware of what an attacker can access, what is vulnerable to attack and what methods attackers are using against your sector.
Establish and maintain a threat intelligence programme and act on the intelligence.
Implement and follow general cyber-security good practice measures, such as defence-in-depth and including vulnerability management. Plan as if an attacker will compromise your network and ensure your sensitive information will be protected.
Assume a breach will occur and plan for this outcome. Ensure people, processes and strategy are in place in advance of it.
Control knowledge of a breach to trusted individuals and prepare for announcements by analysing the possible consequences of decisions.
Communicate clearly when a breach happens, stating the knowns and unknowns publicly. Speculation from media outlets and researchers can damage reputation.
Look for your compromised data online to try to discern the attacker's motive. Understanding whether the motive was financial gain may help mitigate against prolonged malicious activity.
The writer is vice-president of strategy at Digital Shadows. Views expressed are his own and do not reflect the newspaper's policies.
Fico has been in hospital since Wednesday when a lone gunman shot him four times, including in the abdomen
The country was one of the donor states to freeze around $450 million in funds after Israel accused 12 UNRWA staff of participating in the Hamas-led attack
This inclusive community service is available daily on Al Hamriya Beach from 6.00am to sunset
The floods on Friday also destroyed about 2,000 houses, and damaged thousands more homes and businesses
They waited nearly two decades before the club was able to break the trophy drought
For the last three months, Marwa Harb's journey through intensive treatments has shown positive results
Stunning win over American Tommy Paul sets up Italian Open title clash against against Alexander Zverev
For most, these marketing calls are nothing but annoying distractions — for some, however, it's a job