The Smokey the Bear wildfire prevention campaign began in 1944 and its message of wildfire prevention remains as relevant and urgent today as it was in 1944. Just ask any American living in wildfire prone states. Smokey asserted in 1944, “Care Will Prevent 9 out of 10 Forest Fires." And although the message evolved it became very direct with, "Remember... Only YOU Can Prevent Forest Fires." Perhaps it’s time to unleash “Cyber Smokey” or perhaps a “Cy-key” (pronounced as “Psyhce”) with an equally direct message of, “Remember… YOU need to play your role to Prevent Data Breach.”
Today there are 146 Million, mostly Americans, wishing a “Cy-key” message reached enterprises who hold customer data in a precarious security state. What happened at Equifax may indeed be a seminal moment in the history of cybersecurity. To think the resignation of senior executives (CEO, CSO, CFO) is due in a large part to their failure to enforce reliable and demonstrable patch management and timely deployment of vulnerability in their Cyber- ecosystems , should be a strong message to others in similar positions and enterprise organizations.
THE EQUIFAX DEBACLE
Cases like Equifax have also left many experts still searching for a reasonable explanation as to why enterprises have not learned their lesson in one of the most basic hygiene of cyber security after Wannacry ransomware. An effective enterprise wide patch management could have possibly saved FedEx/TNT Global and Maersk $300 Million in post ransomware infection bills and the jobs of C-suiters at Equifax.
Beyond technical and procedural efficiencies , the fallout and subsequent mishandling of the Equifax data breach illustrates a low point and a mass betrayal of trust. In many cases the customers were not informed nor did they understand that their financial institutions had sent their information to Equifax. It came as a surprise to many people when all their data was stolen from a company they had no idea they had a relationship with. This called attention to Breach detection and notifications.
ORGANIZATIONAL DUE DILIGENCE
What is so pertinent to the discussion of vulnerability management is how it is now linked to evidence of organizational due diligence in the protection of customer personally identifiable information (PII). It’s not hard to “see” this vulnerability management issue at Equifax from a legal perspective. The legal perspective is currently being “seen” and investigated by many state attorney generals and federal agencies; also due to the actions of Equifax senior executives, a criminal investigation is underway headed by the FBI. Subpoenas and indictments will grab headlines for weeks and months ahead.
Powerful words are used in legal actions; the potential of sanctions or worse evolve from those legal actions. To think the legal issues unfolding stem from an unpatched system vulnerability which evolved into the “patient zero” of the Equifax data breach is deeply troubling and should resonate with executive boards and company officers. It would seem a failure of vulnerability management, for an organization has the power to plunge the business into crisis and cause extreme scrutiny of the business operations from regulatory authorities and in the most egregious of circumstances, criminal investigators.
DUTY OF CARE
If technical requirements like vulnerability management has now become linked with and evidence of a company exercising a “Duty of Care”, then a failure of the “Duty of Care” unleashes difficult questions. These questions may evolve into a regulatory investigation, deposition or even litigation, as the goal will be to find the company negligent in its protection of customer data and may culminate in a global adaptation of the stringent regulations like European Union’s GDPR (General Data Protection Regulation); a finding of negligence usually has the most severe penalties attached. Fortunately, a finding of negligence is not immediate and many circumstances and opinion must be considered. Certainly, prevention of the “Spark of the Data Breach Fire” is the most prudent course of action, as there is no potential of a regulatory inferno if extinguished early.
Contact Us Today
What are the Differences? Though often used interchangeably, data pipelines and ETL are two different methodologies for managing and structuring data. ETL tools are used for data extraction, transformation, and loading. Whereas data pipelines encompass the entire set of processes applied to data as it moves from one system to another. Sometimes data pipelines involve transformation, and sometimes they do not.Explore
One Unified Dashboard In the past, most enterprises would have used a legacy business management system to track business needs and understand how IT resources can fulfill these needs. The problem with these legacy systems is the manual data collection process, which introduces the risk of human error and is much slower than newer automated solutions.Explore
Intelligent automation in the workplace is becoming more relevant in the modern market. As automation technology becomes more refined and smart business models allow business owners to optimize their workflow, more and more are turning to intelligent automation for their internal and client-facing processes alike.Explore
What is a Hybrid Data Center? A hybrid data center is a computing environment that combines on-premise and cloud-based infrastructure to enable the sharing of applications and data across physical data centers and multi-cloud environments. This allows organizations to balance the security provided by on-premise infrastructure and the agility found with a public cloud environment.Explore
Leverage Your Data to Discover Hidden Potential The amount of data in the insurance industry is exploding, and the number of opportunities to leverage this data to achieve large-scale business value has exploded along with it. Rapid integration of technology makes it possible to use advanced business analytics in insurance to discover potential markets, risks, customers, and competitors, as well as plan for natural disasters.Explore
Increased Use of Data Lakes As volumes of big data continue to explode, data lakes are becoming essential for companies to leverage their data for competitive advantage. Research by Aberdeen shows that organizations that have deployed and are using data lakes outperform similar companies by nine percent in organic revenue growth.Explore