Last week, the consumer credit reporting agency Equifax announced that the personal and financial data of 143 million people was compromised in a cyberattack. Some of the personally identifiable information (PII) stolen included Social Security Numbers, driver’s licenses, names, birth dates and addresses.
Following the breach – which may shape up to be one of the largest this year – we reached out to two of our executives for their expert insights:
Senior Director of Product Charles Goldberg, on the Equifax breach:
Our recent Data Threat Research report shows that companies are still over-reliant on network security solutions, even though they are aware of their inability to adequately protect a modern enterprise company. As data continues to distribute itself across data centers, virtual machines, cloud services, and serverless environments, it is becoming ever more critical to find data security solutions that follow the data—wherever it goes. The Equifax breach also shows the importance of protecting all the PII data, not just SSNs, as there is now a concern that this treasure trove of stolen data on U.S. consumers can be used for password recovery and social-engineering attacks.
CTO Jon Geater, on whether stricter government regulation is needed to prevent data breaches like Equifax (also published in CityAM):
Generally, good legislation needs to be backed up by a strong and technically competent enforcement regime. This is sadly lacking when it comes to data protection.
We are now well past the point that we – as a society – can hide behind the “cyber” word, and pretend that computers and data are somehow special and mysterious.
It would be unthinkable to take away building-code compliance for buildings, or indeed roadworthiness certification for vehicles. Yet we exist in a world where computers and data are just as integral to the proper functioning of society, in which anyone can play without fear of breaking the rules.
The internet should remain free and open to enable the great benefits and innovation that we can expect of a connected society. But the operating businesses that take advantage of it also have the responsibility to treat both their computer systems and data professionally. Strong IT management, access control, and encryption should be the absolute minimum standard.
Agree? Disagree? Have questions? Tweet us @thalesesecurity. Alternatively, you can find Charles @chvrles and Jon @jongeater. For more on data breach protection and notification, check out our dedicated page.
This is a Security Bloggers Network syndicated blog post authored by Megan Nemeh. Read the original post at: Data Security Blog | Thales e-Security