Equifax's 2017 breach will cost it billions in fines, customer restitution and mandated and voluntary security improvements. All organizations that profit from consumer data should take notice. The U.S.-based consumer credit reporting agency announced it had fallen victim to a cyber security breach that exposed the personal data of more than 143 million consumers.
The stunning revelation has caused enormous concern across the U.S. and the world. Equifax collects and aggregates information on over 800 million individual consumers and more than 88 million businesses worldwide. To make things worse, it collects more than enough data to make identity thieves salivate: Equifax has personal data from consumers that includes full names, Social Security numbers, birth dates, addresses, and, in some cases, driver's license numbers.
The implications go beyond the 143 million people who must now closely monitor their credit indefinitely for any signs of identity theft. The breach also has possible criminal ramifications, as USA Today reports that some executives at the company are being investigated for allegedly unloading stock before the breach was announced (see "Feds reportedly investigate Equifax executives' stock sales").
Unfortunately, it's not uncommon for organizations to fall victim to those who would steal data. How can this happen? How can a company responsible for safeguarding the most critical personal information imaginable admit to such a massive security failure? While it may be on a smaller scale than Equifax, it happens around the world regularly.
That is why CRI® Group has a team of trained corporate security & resilience experts focused on protecting such valuable information on every level. After all, it's too late after a breach has occurred. An organization can face criminal and civil penalties, not to mention the loss of trust and reputation among its stakeholders. A data breach tells consumers that you cannot protect their data and thus are not to be trusted with their business.
CRI® Group's corporate due diligence services experts ask the hard questions, especially to any organization conducting business globally. For example:
How do you manage the risks to digital and physical assets? CRI® Group can put measures in place that provide layers of cyber security resilience to thwart hackers and those trying to steal your data.
How quickly can we respond to a serious business crisis? CRI® Group's corporate due diligence services can help you detect breach attempts before they succeed and have a chance to damage your business.
One of your biggest risks is what happens outside of your organization. Can the organization rely on its third-party business partners to maintain appropriate levels of control? Our third-party risk management and due diligence services can help detect weaknesses among your partners and alert you to risk areas.
What can businesses learn from Equifax?
Equifax's approach to security provides a reasonably complete example of what not to do, but there were three particular failings that proved to be fatal for the company. Equifax was arguably brought down due to poor visibility. If the company had invested in regularly auditing its IT estate, the security department could have patched it earlier, potentially avoiding the breach.