Equifax and Deloitte: how to avoid it
Companies Equifax and Deloitte have recently sustained cyber security incidents causing serious damage.
Equifax is regarded as the company with the highest credit monitoring in the world, and Deloitte is one of the so-called “Big Four” due to its broad service offer and worldwide availability. Both of these companies are consolidated as large entities in their corresponding industries.
The reputation of both was damaged by recent events. The news on these incidents disseminated all over the media, at the stock market, in legal environments and social media, even though the details of such incidents were not published by the victims in fear of bad advertising, loss of reputation, economic damage, and the like.
This is a summary of what happened on both cases:
Equifax: On September 17, 2017, the company reported that an unauthorized access to its infrastructure had taken place on July 29. The data downloaded by the cyber attackers included social security numbers, credit records and credit card numbers of 143 million American citizens and customers from other countries. Such data was sold at the black market immediately.
Deloitte: On September 25, 2017, the attack on the company was revealed to the public: customers’ email addresses and trade secrets were disclosed. The incident was discovered in March, but it was presumed to have occurred during October and November, 2016.
Apart from the logic concerns, an underlying question deserves to be asked: how could have taken so long for these incidents to be discovered?
The grim answer is that security processes fail.
How can we avoid these incidents?
Whether for a small company or for a large multinational corporation, protection, detection and correction processes are never 100% effective.
Likewise, no security measures deployed can be trusted wholeheartedly, nor can regular audits and reviews be overlooked.
The correct combination of defense processes, constant testing and detection mechanisms may entail a significant difference on the exposure level of any type of organization.