Not a day goes by that I do not see another security breach or system flaw being released. On Thursday, September 7, Equifax announced a major data breach affecting records for as many as 143 million American consumers. Nearly half the U.S. population may have had their Social Security numbers, driver's license numbers, birth dates, addresses and other sensitive information compromised by the security incident.
It is unclear what security safeguards Equifax had in place to prevent this type of incident from occurring. A class-action lawsuit filed the day of the breach accuses the organization of not spending enough to protect against cyber attacks. Regardless, this should serve as a wake-up call for all companies. It’s time for organizations to start treating their clients’ data with the same care they treat their own. According to IBM, 65% of ALL businesses have already been the target of a breach. If you haven’t been affected yet, personally or professionally, it’s only a matter of time. Saving time and money in the short term by not implementing necessary IT controls and policies is a short-sighted and potentially lethal strategy.
I am a believer that most organizations need to see themselves as an IT company, if they don’t already. Everyone has a responsibility to protect sensitive data. Most do an inadequate job at it. There, I said it. Sorry.
While I can blather on about the technical controls needed, I won’t here. I see the problem as a cultural one. Most companies just don’t shoulder the responsibility for a culture of awareness in their organization, and rely solely on snake-oil technical controls. Yes, Equifax, TJMaxx, Home Depot, Anthem, eBay, JPMorgan, Sony, Target, Citibank – perhaps you too. Will you be adding your company’s name to this incredibly long list as well?
The time for wake-up calls was 5 years ago. We are rapidly entering the areas of negligence and misconduct.