Equifax CEO: All Companies Get Breached (fortune.com)
An anonymous reader quotes Fortune: There are two kinds of companies, according to a saying that former Equifax CEO Rick Smith shared in a speech at the University of Georgia on August 17. "There's those companies that have been breached and know it, and there are those companies that have been breached and don't know it," he said. Though it was still 21 days before his company would reveal that it had been massively hacked, Equifax, at that time, had been breached and knew it...
Smith's fastest growing area of security concern was state-sponsored hacking and espionage, he said. "It's countries you'd expect -- you know it's China, Russia, Iran, and Iraq -- and they're being very aggressive trying to get access to the know-how about how companies have built their capabilities, and transport that know-how back to their countries," said Smith. "It's my number one worry," he added.
"In a speech at the University of Georgia last month, he described a stagnating credit reporting agency with a 'culture of tenure' and 'average talent,'" reports Bloomberg, adding that the Equifax CEO also bragged that the company's data-crunching business nonetheless earned a gross profit margin of 90%.
You mean burglarized.
Currently stockholders just lose their investments. They should be informed that if they invest in a company that holds data they will be held personally liable for injuries of the company beyond their stock ownership.
Ok, that would pretty much kill investment. Maybe in the olden days you could invest in your small neighborhood company that would not do bad things ever, but those days have passed.
I would settle for Equifax being destroyed. The remaining two "competitors" would certainly improve their security (which would only help the new generation, our data is already burned). But Equifax may survive. I am pretty sure they continue to receive my new data even now.
It's been said a million times but companies always want the magic bullet solutions.
He's right that you should expect being compromised, but no safeguards were in place for what he said was inevitable.
Looking at the timeline of events it's clear that getting past the endpoints meant free rein in their network.
https://medium.com/@thegrugq/e...
Over the years the focus of the security industry has changed and it is no longer considered sufficient to have a crunchy shell with a soft interior. From behavioral analysis, to canary systems and binary whitelisting/flagging. There are so many things they could have done differently it's astounding.
By publicly asserting the unavoidability of a breach, and then having no plan of action prepared for that, he's admitting that their security plan is negligent.
In other words, "Cars crash, people die... seatbelts are useless."
Cwm, fjord-bank glyphs vext quiz
How much information was lost due to bookkeeping errors?
Was information lost by accident, or damaged due to the weather?
Could someone walk in and take the info without him knowing?
The only difference between digital data and paper is just you can be targeted from anywhere in the world.
He would be safer if he did it on the computer, not connected to the Internet. And took differential backups after close of business. And took those backups and locked them up.
That way you get the advantages of electric bookkeeping, but massive security. This doesn't work for bigger companies, but it can for a small one.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
"You don't hear about European companies having data breaches."
Of course. With the way the data breach laws are constructed, it's simply cheaper and easier to buy off whoever discovers/exploits the breach and then pretend it never happened while locking down.
Chas - The one, the only.
THANK GOD!!!
> I would settle for Equifax being destroyed.
Equifax being destroyed, plus:
1) Every single C-level, board member, and president going away into pound-me-in-the-ass federal prison... forever.
2) Anyone who knew about the breach, but sat on it for six weeks while the above sold off their stock, joins them in the pen.
3) All assets of Equifax and of the above people... no matter where, or in what form, they are... are seized and liquidated; the proceeds used to compensate anyone who suffers identity theft or other credit or financial issues because of the breach.
Imagine all the people...