Lessons Learned from Equifax Breach
Dr Chaditsa Poulatova
Cyber Rescue
International Advisor
16th May 2018
These slides can be downloaded from our LinkedIn page:
www.linkedin.com/company/cyber-rescue-alliance
Or at this short URL: www.tinyurl.com/cyber999
LESSONS TO BE LEARNT AND
MISTAKES NOT TO BE REPEATED
1. Mitigating the Cyber Risks is a Cross-departmental issue
2. Good Governance vs Poor Governance
3. A well-thought-out response plan in place: who is to be informed, and when?
4. Communication channels should be prepared in advance
5. Cyber Security Ethos is needed across all sectors
Who should be in charge?
All employees should get the ‘basics’ right!
WOULD YOU INVEST IN THIS BUSINESS?
Things looked good for the leadership of Equifax:
a $17 billion market value, and praise for innovation.
Share Price since start of 2017
HOW THINGS LOOKED BEFORE BREACH
Things looked good for the leadership of Equifax:
a $17 billion market value, and praise for innovation.
VIEW FROM THE INSIDE = DISTINGUISHED!
John J. Kelley III
Mr. Kelley achieved a rating of “Distinguished” on his
individual objectives for 2016. These objectives included:
• Directing and improving the effectiveness and efficiency of the
Company’s regulatory and government relations operations
• Continuing to improve business unit support and alignment.
• Continuing to refine and build out the Company’s global
security organization.
Mr Kelley received $2.8m compensation including performance
bonus, an 8% increase on the previous year.
Mr Kelley’s contract guarantees a $758,000 pension contribution
if terminated for cause, or $11.3m if terminated without cause.
Senior management were confident.
They were getting results. “Distinguished” results…
VIEW FROM THE OUTSIDE = VULNERABLE!
But what could hackers see?
The above shows vulnerabilities visible from outside.
HOW WAS TEAMWORK IN THE MIDDLE?
Equifax says their CFO (above) wasn’t told in a timely way about the breach.
Which is unfortunate, as he sold some shares a few days later…
Were cyber vulnerabilities always reviewed in a timely way by the Board?
Was there a plan for informing senior execs about material cyber incidents?
WHAT DID THEY KNOW, WHEN DID THEY KNOW IT?
• May 16th (Breach): Equifax now believes it was breached before this date
• July 29th (Identified): Equifax managers discovered the data breach
• August 2nd (Trading): Equifax CFO sold 13% of his shares in Equifax
• Sept 5th (Preparation): Equifax consultants register domains like equihax.com (to prevent some of the fraud that often follows a breach announcement: criminal phishers spoofing its domain to get money & data by fraud)
• Sept 7th (Notification): Equifax announces “cybersecurity incident” (after markets close, and 41 days after breach discovered)
Is 41 days fast enough? When should the CFO be told?
Did Equifax’s leaders pull together to fix things?
HOW DID THEY ANNOUNCE?
HOW DID THEY ANNOUNCE? TO WHAT RESPONSE?
Breach affects 143 million people = half the USA
Social Security number, credit card numbers,
home address and birth dates among data lost.
Allegedly, data taken via open-source software,
Apache Struts (for building web applications).
(Two thirds of Fortune 100 companies are using
Apache Struts.)
Social media reacts within seconds.
AND HOW GOOD WAS THE HELP THEY ANNOUNCED?
Some browsers blocked access
to the site, as it looked like a
scam. (The site wasn’t registered
to Equifax, & its certificates didn’t
perform proper revocation).
The site runs WordPress, which
isn’t very secure.
Frustrations: On Sept 8th the site
told many users to check back on
13th to see if they were affected.
THEIR GESTURE OF CREDIT MONITORING
Free credit monitoring is offered on site.
Conflict of interest? Some complain the
monitoring service is owned by Equifax,
and is often used to sell other services.
Legal Conflict? Those who accept the
credit monitoring seem to automatically
give up their right to sue Equifax.
A credit freeze is recommended by many
experts (e.g. Brian Krebs).
WHEN THINGS COULDN’T GET ANY WORSE…
WHAT DID THE MEDIA THINK?
SOME RISKS THE 143 MILLION INDIVIDUALS NOW FACE
• Tax Refund Fraud
• Loan Account Fraud
• Credit Card Fraud
• Benefits Fraud
Equifax Share Price since start of 2017
Each share was worth $142 at the start of Sept 2017, giving Equifax a market value of $17.2 billion.
In 3 days, the value fell exactly a third, wiping out over $5 billion of value.
VALUE DOWN $5 BILLION IN 3 DAYS TRADING
CALLED IN FRONT OF THE SENATE
“As CEO I was ultimately responsible….
“An unpatched vulnerability allowed hackers to access
personal identifying information….
“We struggled with the initial effort to meet the
challenges that effective remediation posed….
“Experts told us to prepare for exponentially more attacks
after the notification, from “copycat” attempts….
“The challenge of building a website to notify consumers
proved overwhelming. Regrettably, mistakes were made.
143 million consumers were notified of the breach, and
7.5 million have registered for our remediation offer.
Before I decided to step down as CEO, our CIO and CISO
also left the company.
Full transcript: https://www.cyberrescue.co.uk/library/response#equifaxoct2017
WHAT DOES THE EQUIFAX EXPERIENCE
INSPIRE YOU TO DO, TODAY?
If you were Mark L. Feidler, what would you have done differently?
What actions should your organisation take?
• Provide Online Training about Cyber Risks to staff
• Run Security Scorecard on your (supplier) systems
• Every department needs to prepare to mitigate the
operational, commercial and reputational damage
from a breach.
Agency Managed Advisory Board As a Solution To Career Path Defining Business ...
Boris Ziegler
 
The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...
Adam Smith
 
Exploring Patterns of Connection with Social Dreaming
Exploring Patterns of Connection with Social DreamingExploring Patterns of Connection with Social Dreaming
Exploring Patterns of Connection with Social Dreaming
Nicola Wreford-Howard
 
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
SOFTTECHHUB
 
Best Forex Brokers Comparison in INDIA 2024
Best Forex Brokers Comparison in INDIA 2024Best Forex Brokers Comparison in INDIA 2024
Best Forex Brokers Comparison in INDIA 2024
Top Forex Brokers Review
 
Company Valuation webinar series - Tuesday, 4 June 2024
Company Valuation webinar series - Tuesday, 4 June 2024Company Valuation webinar series - Tuesday, 4 June 2024
Company Valuation webinar series - Tuesday, 4 June 2024
FelixPerez547899
 
amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05
marketing317746
 
Recruiting in the Digital Age: A Social Media Masterclass
Recruiting in the Digital Age: A Social Media MasterclassRecruiting in the Digital Age: A Social Media Masterclass
Recruiting in the Digital Age: A Social Media Masterclass
LuanWise
 
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdfMeas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
dylandmeas
 
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
AnnySerafinaLove
 
Building Your Employer Brand with Social Media
Building Your Employer Brand with Social MediaBuilding Your Employer Brand with Social Media
Building Your Employer Brand with Social Media
LuanWise
 

Recently uploaded (20)

In the Adani-Hindenburg case, what is SEBI investigating.pptx
In the Adani-Hindenburg case, what is SEBI investigating.pptxIn the Adani-Hindenburg case, what is SEBI investigating.pptx
In the Adani-Hindenburg case, what is SEBI investigating.pptx
 
Top mailing list providers in the USA.pptx
Top mailing list providers in the USA.pptxTop mailing list providers in the USA.pptx
Top mailing list providers in the USA.pptx
 
Taurus Zodiac Sign: Unveiling the Traits, Dates, and Horoscope Insights of th...
Taurus Zodiac Sign: Unveiling the Traits, Dates, and Horoscope Insights of th...Taurus Zodiac Sign: Unveiling the Traits, Dates, and Horoscope Insights of th...
Taurus Zodiac Sign: Unveiling the Traits, Dates, and Horoscope Insights of th...
 
An introduction to the cryptocurrency investment platform Binance Savings.
An introduction to the cryptocurrency investment platform Binance Savings.An introduction to the cryptocurrency investment platform Binance Savings.
An introduction to the cryptocurrency investment platform Binance Savings.
 
buy old yahoo accounts buy yahoo accounts
buy old yahoo accounts buy yahoo accountsbuy old yahoo accounts buy yahoo accounts
buy old yahoo accounts buy yahoo accounts
 
The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...
 
3.0 Project 2_ Developing My Brand Identity Kit.pptx
3.0 Project 2_ Developing My Brand Identity Kit.pptx3.0 Project 2_ Developing My Brand Identity Kit.pptx
3.0 Project 2_ Developing My Brand Identity Kit.pptx
 
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challengesEvent Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
 
The effects of customers service quality and online reviews on customer loyal...
The effects of customers service quality and online reviews on customer loyal...The effects of customers service quality and online reviews on customer loyal...
The effects of customers service quality and online reviews on customer loyal...
 
Agency Managed Advisory Board As a Solution To Career Path Defining Business ...
Agency Managed Advisory Board As a Solution To Career Path Defining Business ...Agency Managed Advisory Board As a Solution To Career Path Defining Business ...
Agency Managed Advisory Board As a Solution To Career Path Defining Business ...
 
The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...
 
Exploring Patterns of Connection with Social Dreaming
Exploring Patterns of Connection with Social DreamingExploring Patterns of Connection with Social Dreaming
Exploring Patterns of Connection with Social Dreaming
 
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
 
Best Forex Brokers Comparison in INDIA 2024
Best Forex Brokers Comparison in INDIA 2024Best Forex Brokers Comparison in INDIA 2024
Best Forex Brokers Comparison in INDIA 2024
 
Company Valuation webinar series - Tuesday, 4 June 2024
Company Valuation webinar series - Tuesday, 4 June 2024Company Valuation webinar series - Tuesday, 4 June 2024
Company Valuation webinar series - Tuesday, 4 June 2024
 
amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05
 
Recruiting in the Digital Age: A Social Media Masterclass
Recruiting in the Digital Age: A Social Media MasterclassRecruiting in the Digital Age: A Social Media Masterclass
Recruiting in the Digital Age: A Social Media Masterclass
 
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdfMeas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
 
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
 
Building Your Employer Brand with Social Media
Building Your Employer Brand with Social MediaBuilding Your Employer Brand with Social Media
Building Your Employer Brand with Social Media
 

Equifax Breach - Lessons - Cyber Rescue - 16th May 2018

  • 1. Lessons Learned from Equifax Breach Dr Chaditsa Poulatova Cyber Rescue International Advisor 16th May 2018 These slides can be downloaded from our LinkedIn page: www.linkedin.com/company/cyber-rescue-alliance Or at this short URL: www.tinyurl.com/cyber999
  • 2. LESSONS TO BE LEARNT AND MISTAKES NOT TO BE REPEATED 1. Mitigating the Cyber Risks is a Cross-departmental issue 2. Good Governance vs Poor Governance 3. A well-thought-out response plan in place: who should be informed, and when? 4. Communication channels should be prepared in advance 5. Cyber Security Ethos is needed across all sectors Who should be in charge? All employees should get the ‘basics’ right!
  • 3. WOULD YOU INVEST IN THIS BUSINESS? Things looked good for the leadership of Equifax: a $17 billion market value, and praise for innovation. Share Price since start of 2017
  • 4. HOW THINGS LOOKED BEFORE BREACH Things looked good for the leadership of Equifax: a $17 billion market value, and praise for innovation.
  • 5. VIEW FROM THE INSIDE = DISTINGUISHED! John J. Kelley III Mr. Kelley achieved a rating of “Distinguished” on his individual objectives for 2016. These objectives included: • Directing and improving the effectiveness and efficiency of the Company’s regulatory and government relations operations • Continuing to improve business unit support and alignment. • Continuing to refine and build out the Company’s global security organization. Mr Kelley received $2.8m compensation including performance bonus, an 8% increase on the previous year. Mr Kelley’s contract guarantees a $758,000 pension contribution if terminated for cause, or $11.3m if terminated without cause. Senior management were confident. They were getting results. “Distinguished” results… .
  • 6. VIEW FROM THE OUTSIDE = VULNERABLE! John J. Kelley III But what could hackers see? The above shows vulnerabilities visible from outside.
  • 7. HOW WAS TEAMWORK IN THE MIDDLE? John J. Kelley III Equifax says their CFO (above) wasn’t told in a timely way about the breach. Which is unfortunate, as he sold some shares a few days later… . Were cyber vulnerabilities always reviewed in a timely way by the Board? Was there a plan for informing senior execs about material cyber incidents?
  • 8. WHAT DID THEY KNOW, WHEN DID THEY KNOW IT? May 16th (Breach): Equifax now believes it was breached before this date. July 29th (Identified): Equifax managers discovered the data breach. August 2nd (Trading): Equifax CFO sold 13% of his shares in Equifax. Sept 5th (Preparation): Equifax consultants register domains like equihax.com (to prevent some of the fraud that often follows a breach announcement: criminal phishers spoofing its domain to get money & data by fraud). Sept 7th (Notification): Equifax announces “cybersecurity incident” (after markets close, and 41 days after breach discovered). Is 41 days fast enough? When should the CFO be told? Did Equifax’s leaders pull together to fix things?
  • 9. HOW DID THEY ANNOUNCE?
  • 10. HOW DID THEY ANNOUNCE? TO WHAT RESPONSE? Breach affects 143 million people = half the USA Social Security number, credit card numbers, home address and birth dates among data lost. Allegedly, data taken via open-source software, Apache Struts (for building web applications). (Two thirds of Fortune 100 companies are using Apache Struts.)
  • 11. Breach affects 143 million people = half the USA Social Security number, credit card numbers, home address and birth dates among data lost. Allegedly, data taken via open-source software, Apache Struts (for building web applications). (Two thirds of Fortune 100 companies are using Apache Struts.) Social media reacts within seconds. HOW DID THEY ANNOUNCE? TO WHAT RESPONSE?
  • 12. AND HOW GOOD WAS THE HELP THEY ANNOUNCED? Some browsers blocked access to the site, as it looked like a scam. (The site wasn’t registered to Equifax, & its certificates didn’t perform proper revocation). The site runs WordPress, which isn’t very secure. Frustrations: On Sept 8th the site told many users to check back on 13th to see if they were affected.
  • 13. THEIR GESTURE OF CREDIT MONITORING Free credit monitoring is offered on site. Conflict of interest? Some complain the monitoring service is owned by Equifax, and is often used to sell other services. Legal Conflict? Those who accept the credit monitoring seem to automatically give up their right to sue Equifax. A credit freeze is recommended by many experts (e.g. Brian Krebs).
  • 14. WHEN THINGS COULDN’T GET ANY WORSE…
  • 15. WHAT DID THE MEDIA THINK?
  • 16. SOME RISKS THE 143 MILLION INDIVIDUALS NOW FACE Tax Refund Fraud Loan Account Fraud Credit Card Fraud Benefits Fraud
  • 17. Equifax Share Price since start of 2017 Each share was worth $142 at the start of Sept 2017, giving Equifax a market value of $17.2 billion. In 3 days, the value fell exactly a third, wiping out over $5 billion of value. VALUE DOWN $5 BILLION IN 3 DAYS TRADING
  • 18. CALLED IN FRONT OF THE SENATE “As CEO I was ultimately responsible…. “An unpatched vulnerability allowed hackers to access personal identifying information…. “We struggled with the initial effort to meet the challenges that effective remediation posed…. “Experts told us to prepare for exponentially more attacks after the notification, from “copycat” attempts…. “The challenge of building a website to notify consumers proved overwhelming. Regrettably, mistakes were made. 143 million consumers were notified of the breach, and 7.5 million have registered for our remediation offer. Before I decided to step down as CEO, our CIO and CISO also left the company. Full transcript: https://www.cyberrescue.co.uk/library/response#equifaxoct2017
  • 19. WHAT DOES THE EQUIFAX EXPERIENCE INSPIRE YOU TO DO, TODAY? If you were Mark L. Feidler, what would you have done differently? What actions should your organisation take? • Provide Online Training about Cyber Risks to staff • Run Security Scorecard on your (supplier) systems • Every department needs to prepare to mitigate the operational, commercial and reputational damage from a breach.
  • 20. Lessons Learned from Equifax Breach Dr Chaditsa Poulatova Cyber Rescue International Advisor 16th May 2018 These slides can be downloaded from our LinkedIn page: www.linkedin.com/company/cyber-rescue-alliance Short URL: www.tinyurl.com/cyber999