Equifax, the credit agency guilty of poorly handling the private financial data of over 143 million consumers, has seen a 27 percent decrease in profits following the September hack.
Q3 profits dropped to $96.3 million, down over a quarter from the same period in 2016. Costs associated with the breach reached $87.5 million: $55.5 million in product costs, $17.1 million in professional fees, and $14.9 million in consumer support.
And the news keeps getting worse for Equifax. They claim to have incurred $4.7 million in costs as a result of offering free credit file monitoring and identity theft protection to all US customers. This is said to rise drastically to somewhere between $56 million and $110 million.
These figures represent the high price tag enterprises must pay for poorly handling cybersecurity.
The security community is shocked by how Equifax has dealt with the fallout from this breach. Hackers were able to exploit a known vulnerability at Equifax 2 months after US-CERT discovered the coding flaw and issued a solution for it, leaving hackers able to take advantage of the vulnerability for over 2 months. Since the breach Equifax’s CSO and CIO have ‘retired’, but many believe these were forced as a result of the patch neglect.
NNT recommends Hardening Systems to maintain security and hack-proof systems, requiring all known security vulnerabilities to be eliminated and mitigated. Vulnerability management and maintaining a hardened build standard are inextricably linked to tight change control. Any configuration changes, be it a through patching or other system maintenance, may introduce vulnerabilities so visibility and control of changes is an essential security best practice.
Read the article on InfoSecurity Magazine