date 2017-10-01
Equifax CEO: All Companies Get Breached (fortune.com)
An anonymous reader quotes Fortune: There are two kinds of companies, according to a saying that former Equifax CEO Rick Smith shared in a speech at the University of Georgia on August 17. "There's those companies that have been breached and know it, and there are those companies that have been breached and don't know it," he said. Though it was still 21 days before his company would reveal that it had been massively hacked, Equifax, at that time, had been breached and knew it...
Smith's fastest growing area of security concern was state-sponsored hacking and espionage, he said. "It's countries you'd expect -- you know it's China, Russia, Iran, and Iraq -- and they're being very aggressive trying to get access to the know-how about how companies have built their capabilities, and transport that know-how back to their countries," said Smith. "It's my number one worry," he added.
"In a speech at the University of Georgia last month, he described a stagnating credit reporting agency with a 'culture of tenure' and 'average talent'", reports Bloomberg, adding that the Equifax CEO also bragged that the company's data-crunching business nonetheless earned a gross profit margin of 90%.
My cousin runs a company and they build houses. He keeps all his business on ledgers and notebooks. Not an efficient way to run a business but it is his way. He has never been hacked.
Not sure if you read the article but that is not what he is saying. He is saying that regardless of what you do you are breached, whether you know it or not. Which tells me that he is an idiot.
It's holding data. If a company wants to risk my security by profiting from amassing data on me I should be able to have some financial recourse when they injure me with their breach. If they can't secure my data then they should not hold it. If one really feels that all companies will be breached then that person should actually know what they are doing is going to cause an injury and therefore should be liable for it.
Liability is the key here. Until companies have a dear cost associated with lack of security there will be no security.
But that's not enough. We can't have companies who are good citizens, paying money to protect others, masking data so it is stored more anonymously, and so forth incurring higher costs than some jackass company willing to play fast and loose. Those risk taking companies will have lower costs of operation and put the conscientious companies out of business. When they fail sometimes we respond by crippling the whole industry rather than punishing the shareholders of the bad companies.
So we need not just damages but 10-fold punitive damages that reach to the stock holders that invest. Currently stock holders just lose their investments. They should be informed that if they invest in a company that holds data they will be held personally liable for injuries of the company beyond their stock ownership.
Then we'd see some good data practices. We'd see companies clamoring to be regulated. We'd see a lot less naked storage of raw data behind single passwords.
It's not the breach. It's the gathering of data without direct consequences for its loss.
"it's not the breach."
It's hiring a musician as anti-breach specialist.
The level of incompetence in corporate IT at times is staggering!!! https://thedailywtf.com/articl... [thedailywtf.com]
Until there are -real consequences- to management (personally and individually) from getting hacked, CxOs of all stripes (CEO, CIO, CISO, etc) will continue to get away with this.
If all companies get breached, then no company should be allowed to keep data on a scale like that that can be so damaging if it gets stolen.
"Equifax CEO: All Companies Get Breached "
But only you had hired a musician as an Anti-Breach specialist.
Those that we know we should fire out of a cannon and those that we don't know we should yet.
There's the third kind: The kind that doesn't store personal information unnecessarily.
Hint: You're not the third kind.
A single word makes all the difference.
He's correct when the company does not maintain their Internet facing platform. Which is exactly what Equifax did.
I guess they decided to save money in IT. And perhaps had poorly qualified personnel. Because management doesn't understand IT, so it must be "easy" and something that should be cheap.
Equifax says: "Breaches are a cost of business!" Sorry, non-customer that we lost all of your data and our incompetence will cost you for years to come!!!
Given the vast negati
Immutable data should not have any value at all.
My name and SSN are assigned to me. I cannot choose or change them. Thus, they should have no business value, esp no value in the credit / financial context.
My address, my employment, my family are essentially fixed as well. Again - this data could be public. It should have no value.
"Identity theft" as perceived in the US must disappear.
Stopping the criminals won't work - as long as there is anything of value, there will be intent and crime to get it.
The value
All Companies Get Breached
Well that means we can stop patching software we know has open security holes/backdoors. Nice, makes our jobs much easier. I guess that means it was not Equifax's fault
/s