What we learned this week from the news is that, even after the catastrophic Equifax breach, in which the credit histories and records of over 145 million Americans were exposed to attackers, the entire board was re-elected. Let’s sharpen that a bit – they were re-elected by shareholders after recommendations against that course of action by two different proxy advisers, as cited by Bloomberg. So to recap, after one of the worst worst-case scenarios ever, there are virtually no consequences.
Revisiting Breach Assumptions
This article isn’t about judging Equifax and what they did or didn’t do right. I make it a point of not attacking victims. This post is about the bigger picture, and frankly asking the right question. The real question – after all the public outcry and congressional testimony – is, “What’s going on?”
I’ve been thinking about this because at one point I was seriously expecting news coverage of an angry mob with pitchforks and torches to show up at Equifax corporate headquarters. The news was brutal. Commentary from “security experts” was worse. Congress called their CEO before an inquiry panel and grilled him.
Then nothing happened. Literally, nothing happened.
After the Sony breach many of my peers thought – this is it, Sony’s finished. Wrong. Now after the Equifax breach, those same peers and more all cried – this is it, Equifax is finished. Wrong again. If you’re wondering what it’s going to take to really have a massive negative impact on an organization after a massive data breach – you’re not alone. The reality is even I’m a little bit uneasy with how quickly this one faded away with absolutely no negative consequences.
So I’ve thought about this and spent significant time trying to understand what’s going on. Unfortunately, the best answer I’ve
*** This is a Security Bloggers Network syndicated blog from The Ethical Hacker Network authored by Rafal Los. Read the original post at: http://feedproxy.google.com/~r/eh-net/~3/mzQ7TmJ-T5g/