The Smokey the Bear wildfire prevention campaign began in 1944, and its message of wildfire prevention remains as relevant and urgent today as it was then. Just ask any American living in a wildfire-prone state. Smokey asserted in 1944, “Care Will Prevent 9 out of 10 Forest Fires.” And although the message evolved, it became very direct with, “Remember... Only YOU Can Prevent Forest Fires.” Perhaps it’s time to unleash “Cyber Smokey” or perhaps a “Cy-key” (pronounced as “Psyche”) with an equally direct message of, “Remember… YOU need to play your role to Prevent Data Breach.”
Today there are 146 Million people, mostly Americans, wishing a “Cy-key” message had reached the enterprises that hold customer data in a precarious security state. What happened at Equifax may indeed be a seminal moment in the history of cybersecurity. That the resignation of senior executives (CEO, CSO, CFO) is due in large part to their failure to enforce reliable and demonstrable patch management and timely deployment of vulnerability fixes in their cyber-ecosystems should be a strong message to others in similar positions and enterprise organizations.
THE EQUIFAX DEBACLE
Cases like Equifax have also left many experts still searching for a reasonable explanation as to why enterprises have not learned their lesson in one of the most basic elements of cybersecurity hygiene after the WannaCry ransomware. Effective enterprise-wide patch management could possibly have saved FedEx/TNT Global and Maersk $300 Million in post-ransomware infection bills and the jobs of C-suiters at Equifax.
Beyond technical and procedural efficiencies, the fallout and subsequent mishandling of the Equifax data breach illustrates a low point and a mass betrayal of trust. In many cases the customers were not informed, nor did they understand, that their financial institutions had sent their information to Equifax. It came as a surprise to many people when all their data was stolen from a company they had no idea they had a relationship with. This called attention to breach detection and notification.
ORGANIZATIONAL DUE DILIGENCE
What is so pertinent to the discussion of vulnerability management is how it is now linked to evidence of organizational due diligence in the protection of customer personally identifiable information (PII). It’s not hard to “see” this vulnerability management issue at Equifax from a legal perspective. The legal perspective is currently being “seen” and investigated by many state attorneys general and federal agencies; also, due to the actions of Equifax senior executives, a criminal investigation headed by the FBI is underway. Subpoenas and indictments will grab headlines for weeks and months ahead.
Powerful words are used in legal actions; the potential for sanctions or worse evolves from those legal actions. To think the legal issues unfolding stem from an unpatched system vulnerability which evolved into the “patient zero” of the Equifax data breach is deeply troubling and should resonate with executive boards and company officers. It would seem that a failure of vulnerability management has the power to plunge an organization's business into crisis and cause extreme scrutiny of the business operations from regulatory authorities and, in the most egregious of circumstances, criminal investigators.
DUTY OF CARE
If technical requirements like vulnerability management have now become linked with, and evidence of, a company exercising a “Duty of Care”, then a failure of the “Duty of Care” unleashes difficult questions. These questions may evolve into a regulatory investigation, deposition or even litigation, as the goal will be to find the company negligent in its protection of customer data, and may culminate in a global adaptation of stringent regulations like the European Union’s GDPR (General Data Protection Regulation); a finding of negligence usually has the most severe penalties attached. Fortunately, a finding of negligence is not immediate, and many circumstances and opinions must be considered. Certainly, prevention of the “Spark of the Data Breach Fire” is the most prudent course of action, as there is no potential of a regulatory inferno if extinguished early.