The Smokey the Bear wildfire prevention campaign began in 1944 and its message of wildfire prevention remains as relevant and urgent today as it was in 1944. Just ask any American living in wildfire prone states. Smokey asserted in 1944, “Care Will Prevent 9 out of 10 Forest Fires." And although the message evolved it became very direct with, "Remember... Only YOU Can Prevent Forest Fires." Perhaps it’s time to unleash “Cyber Smokey” or perhaps a “Cy-key” (pronounced as “Psyhce”) with an equally direct message of, “Remember… YOU need to play your role to Prevent Data Breach.”
Today there are 146 Million, mostly Americans, wishing a “Cy-key” message reached enterprises who hold customer data in a precarious security state. What happened at Equifax may indeed be a seminal moment in the history of cybersecurity. To think the resignation of senior executives (CEO, CSO, CFO) is due in a large part to their failure to enforce reliable and demonstrable patch management and timely deployment of vulnerability in their Cyber- ecosystems , should be a strong message to others in similar positions and enterprise organizations.
THE EQUIFAX DEBACLE
Cases like Equifax have also left many experts still searching for a reasonable explanation as to why enterprises have not learned their lesson in one of the most basic hygiene of cyber security after Wannacry ransomware. An effective enterprise wide patch management could have possibly saved FedEx/TNT Global and Maersk $300 Million in post ransomware infection bills and the jobs of C-suiters at Equifax.
Beyond technical and procedural efficiencies , the fallout and subsequent mishandling of the Equifax data breach illustrates a low point and a mass betrayal of trust. In many cases the customers were not informed nor did they understand that their financial institutions had sent their information to Equifax. It came as a surprise to many people when all their data was stolen from a company they had no idea they had a relationship with. This called attention to Breach detection and notifications.
ORGANIZATIONAL DUE DILIGENCE
What is so pertinent to the discussion of vulnerability management is how it is now linked to evidence of organizational due diligence in the protection of customer personally identifiable information (PII). It’s not hard to “see” this vulnerability management issue at Equifax from a legal perspective. The legal perspective is currently being “seen” and investigated by many state attorney generals and federal agencies; also due to the actions of Equifax senior executives, a criminal investigation is underway headed by the FBI. Subpoenas and indictments will grab headlines for weeks and months ahead.
Powerful words are used in legal actions; the potential of sanctions or worse evolve from those legal actions. To think the legal issues unfolding stem from an unpatched system vulnerability which evolved into the “patient zero” of the Equifax data breach is deeply troubling and should resonate with executive boards and company officers. It would seem a failure of vulnerability management, for an organization has the power to plunge the business into crisis and cause extreme scrutiny of the business operations from regulatory authorities and in the most egregious of circumstances, criminal investigators.
DUTY OF CARE
If technical requirements like vulnerability management has now become linked with and evidence of a company exercising a “Duty of Care”, then a failure of the “Duty of Care” unleashes difficult questions. These questions may evolve into a regulatory investigation, deposition or even litigation, as the goal will be to find the company negligent in its protection of customer data and may culminate in a global adaptation of the stringent regulations like European Union’s GDPR (General Data Protection Regulation); a finding of negligence usually has the most severe penalties attached. Fortunately, a finding of negligence is not immediate and many circumstances and opinion must be considered. Certainly, prevention of the “Spark of the Data Breach Fire” is the most prudent course of action, as there is no potential of a regulatory inferno if extinguished early.
Contact Us Today
Making Data More Accessible For many years, data models have plagued data scientists and analysts with inefficiency that eroded the usefulness of their organizational data. While solutions such as data lakes and data warehouses create a central repository for organizational data, they often lack the agility to deliver the complex data insights required to power a modern enterprise.Explore
Breaking Down the Walls Every organization deals with data in one way or another—whether in a database, data warehouse, or other architecture type. With this data comes a management burden, as customer data must be protected in line with data regulations. IT teams struggle with data pipelines: controlling access to datasets across numerous products, services, and business applications. Improper data governance and security configurations can prevent data access entirely and leave data in the wrong internal or external hands.Explore
Better Insights in the Cloud Data analytics is not an entirely modern invention. The term “big data” was coined in the 1990s to describe massive data sets often used in the finance, science, and energy sectors. Since then, both the amount of data produced and the computing power it requires have grown at an astonishing rate. The tools and techniques honed through various scientific disciplines provide a platform for businesses to accelerate growth and make the most of their place in the market.Explore
What is Predictive Analytics? Predictive analytics is the practice of analyzing past and present data to predict a future outcome. Today, every industry from insurance and finance to healthcare and child services uses neural networking, machine learning, and artificial intelligence to build predictive models to solve complex problems and support better and faster business decisions.Explore
What is ITOM? IT operations management (ITOM) can be defined as the process of managing and maintaining an organization’s network infrastructure. An IT team is typically tasked with this work, covering aspects of computing such as compliance, security, and troubleshooting. This team works with internal and external network users, offering advice and remediation to overcome technical obstacles and maintain effective service delivery.Explore
Putting Data to Work Recently, one of the world’s largest global shipping companies was seeking to identify new revenue opportunities; specifically, they were interested in monetizing their data by building other, related business intelligence products for different industries. Like many other businesses, they had found themselves sitting on a mountain of actionable data without any processes in place to explore or leverage said data. Their intentions were now pointed in the right direction, but what they were missing was a data monetization strategy.Explore