Page 38 - GS171201

Education




Equifax – the continued fallout

By Srii Srinivasan
Chargeback Gurus

There is no way to overstate how bad the Equifax breach was. Even though it was announced during the same month as mega-breaches from the SEC and Deloitte, this one stands out. The consumer records of over 145 million people were stolen and, as Paul Stephens, Director of Policy and Advocacy at the Privacy Rights Clearinghouse, put it, we'll be feeling the effects for "essentially a hundred years, until everybody is dead that was exposed by this breach."

Equifax is one of three major U.S.-based consumer credit reporting agencies, aggregating the personally identifiable information of over 800 million consumers and 88 million businesses worldwide. According to Equifax's statement, data mining began in mid-May 2017 but wasn't discovered until July 29. By then it had become one of the biggest data breaches in history.

This one affects everybody. Even if your business wasn't one of the millions that had information stolen, it is more than likely some of your customers were affected; all your future customers are also at risk. This breach is a wakeup call for companies of all sizes to take cybersecurity seriously, but if you're one of the millions of small to midsize businesses (SMBs), you must take extra care. SMBs are considered an easy target by hackers and fraudsters: half of the 30 million SMBs in the United States have been victims of cybersecurity breaches, according to a recent report from the Ponemon Institute. Ignorance is no longer an excuse. Following are key lessons to heed from Equifax's experience.

1. Only you can prevent security breaches

Equifax has been widely criticized for the security breach and has been the subject of numerous lawsuits in the aftermath. This is because, by its own admission, Equifax was aware of the vulnerability, and a patch had been available as of March – two months before the breach began.

It's symptomatic of a larger problem throughout the payments industry: companies don't take data security seriously enough. By not patching a known vulnerability, Equifax did what many companies have done: put security on the back burner until it was too late. Consumers and companies alike, no matter how often they hear stories about identity theft and data breaches, often think it can't happen to them – until it does.

A data breach can happen to anybody. Organizations of all kinds need to assess (and reassess) the measures and mechanisms maintaining their data security. The latest upgrades, patches and best practices need to be applied in real time. There is no excuse for delay.

2. Honesty is the best policy

When Equifax discovered the breach July 29, company executives knew the intrusion was caused by their failure to patch a known vulnerability. As if that weren't bad enough, they then waited six weeks before disclosing the breach. During that time, the personally identifiable information of 145 million consumers was in criminal hands, but the victims had no way of knowing it. It's impossible to quantify the amount of damage that could have caused.
