The Smokey the Bear wildfire prevention campaign began in 1944, and its message remains as relevant and urgent today as it was then. Just ask any American living in a wildfire-prone state. Smokey asserted in 1944, “Care Will Prevent 9 out of 10 Forest Fires.” As the message evolved, it became very direct: “Remember... Only YOU Can Prevent Forest Fires.” Perhaps it’s time to unleash “Cyber Smokey”, or perhaps a “Cy-key” (pronounced as “Psyche”), with an equally direct message: “Remember… YOU need to play your role to Prevent Data Breach.”
Today there are 146 Million people, mostly Americans, wishing a “Cy-key” message had reached the enterprises that hold customer data in a precarious security state. What happened at Equifax may indeed be a seminal moment in the history of cybersecurity. That the resignation of senior executives (CEO, CSO, CFO) is due in large part to their failure to enforce reliable and demonstrable patch management and timely deployment of vulnerability fixes in their cyber-ecosystems should be a strong message to others in similar positions and to enterprise organizations.
THE EQUIFAX DEBACLE
Cases like Equifax have also left many experts still searching for a reasonable explanation as to why enterprises have not learned their lesson in one of the most basic elements of cybersecurity hygiene after the WannaCry ransomware. An effective enterprise-wide patch management program could possibly have saved FedEx/TNT Global and Maersk $300 Million in post-ransomware infection bills, and the jobs of the C-suiters at Equifax.
Beyond technical and procedural efficiencies, the fallout and subsequent mishandling of the Equifax data breach illustrates a low point and a mass betrayal of trust. In many cases, customers were not informed, nor did they understand, that their financial institutions had sent their information to Equifax. It came as a surprise to many people when all their data was stolen from a company they had no idea they had a relationship with. This called attention to breach detection and notification.
ORGANIZATIONAL DUE DILIGENCE
What is so pertinent to the discussion of vulnerability management is how it is now linked to evidence of organizational due diligence in the protection of customer personally identifiable information (PII). It’s not hard to “see” this vulnerability management issue at Equifax from a legal perspective. The legal perspective is currently being “seen” and investigated by many state attorneys general and federal agencies. In addition, due to the actions of Equifax senior executives, a criminal investigation headed by the FBI is underway. Subpoenas and indictments will grab headlines for weeks and months ahead.
Powerful words are used in legal actions, and the potential for sanctions or worse evolves from those legal actions. To think that the legal issues unfolding stem from an unpatched system vulnerability, which evolved into the “patient zero” of the Equifax data breach, is deeply troubling and should resonate with executive boards and company officers. It would seem that a failure of vulnerability management has the power to plunge an organization's business into crisis and to bring extreme scrutiny of its business operations from regulatory authorities and, in the most egregious of circumstances, criminal investigators.
DUTY OF CARE
If technical requirements like vulnerability management have now become linked with, and evidence of, a company exercising a “Duty of Care”, then a failure of the “Duty of Care” unleashes difficult questions. These questions may evolve into a regulatory investigation, deposition or even litigation, as the goal will be to find the company negligent in its protection of customer data, and may culminate in a global adaptation of stringent regulations like the European Union’s GDPR (General Data Protection Regulation). A finding of negligence usually has the most severe penalties attached. Fortunately, a finding of negligence is not immediate, and many circumstances and opinions must be considered. Certainly, prevention of the “Spark of the Data Breach Fire” is the most prudent course of action, as there is no potential of a regulatory inferno if it is extinguished early.