“One Person Took us Down”
Any IT person worth anything will design systems where single points of failure are either eliminated or minimized. Yet at Equifax, a company worth $17.4 billion this past July, there was one person responsible for patching the system which protected the personal financial information of more than 150 million people.
Any outside MSP or MSSP with even basic knowledge could have pointed out this flaw in the company’s systems. A second set of eyes would have been able to catch this design flaw.
Instead, the company was breached and as a result, Equifax lost much of its senior staff, its CEO was berated by congress today and the entire country will be in a crisis for at least a generation as the information stolen is some of the most crucial available.
Oh, and the company has lost over $4 billion so far and counting.
After today’s grilling, CEO Richard Smith is scheduled to testify at three additional congressional hearings this week. Talk about hell week.
Needless to say, if you are a CEO, investor or member of the board, ask for auditing and documentation of the company’s IT systems with a focus on cybersecurity. Ask for information on the cybersecurity training of the employees, ask for a list of past breaches to get a sense of how often the hackers have gotten through.
What was the response to the hacks? Has the organization been hit with ransomware? Did they need to pay the ransom? Why? Were the company’s backups not sufficiently managed?
Every company needs a Cybersecurity Culture and if you don’t ask the right questions of your workers, partners or sister-companies, important information may soon be compromised which could hurt you financially. Worst of all, this breach shows how an error on the part of a single individual can take down a $17 billion dollar company.
If this can happen at Equifax, it can happen anywhere.
Get a second opinion from an MSP or MSSP ASAP or risk being in the same boat as Equifax.