Credit-reporting service Equifax was hacked in an incident that may have compromised the data of 143 million people. The seriousness of this latest breach may cause a major rethink in the cyber-security sector.
Equifax, one of the three major consumer credit reporting agencies disclosed on Thursday that hackers may have gained access to the confidential data of almost half of Americans. The company said that hackers accessed company files from mid-May to July through a weak point in website software.
This is one of the largest breaches of personal information in recent years. In terms of severity, "this is really bad," stressed CIO strategist Kevin Dennean. "It's really bad due to two things: first is the large number of records stolen. Second, the nature of the data stolen makes this case particularly severe."
Compromised data included social security numbers, birth dates and addresses. Possession of such data opens the way for identity theft, potentially allowing criminals to open credit lines in consumers' names.
Recognizing the growing threat of cyber-attacks, corporations have increased their spending on cyber-security in recent years. However, it's a cat and mouse game and the mouse is growing ever more sophisticated. "Hacking has come a long way from its start as a world of amateurs to highly sophisticated rings of criminals with complex motivations and methods," said Dennean.
The Equifax security breach could cause a major rethink of cyber-security practices.
"Years ago, the focus was on end-point security and keeping the bad guys out," pointed out Dennean. But then companies realized it was unrealistic to try to keep out all threats, so major portions of cybersecurity budgets were allocated instead to detection and remediation – finding and neutralizing threats after they've breached systems, he explained.
Major high profile attacks involving consumer data, like this Equifax incident, tend to lead to reevaluation of industry wide security practices and the architecture of digital security. We could be at another paradigm shift, according to Dennean.
While it's hard to say which direction a rethink may take, such conversations will likely lead to an increase in cybersecurity spending.
The cybersecurity sector topped USD 75bn in 2015 and global cyber-security spending could reach USD 170bn by 2020, according to technology research firm Gartner in a 2017 report.
The rise in hacking also creates more need for insurance against cybercrimes, pointed out Dennean. "In the past the premiums weren't worth it for companies but if punitive damages go up as regulatory scrutiny increases, companies will be more incentivized to buy cybersecurity insurance. Simply put, as many executives have learned, the potential cost savings of not spending on cyber-security are far outweighed by the economic and reputational risks of being hacked."
While corporations are shoring up cyber-security defenses, individuals need to be vigilant as well. Keeping software updated, being careful of what sites to visit and monitoring one's credit and online identity are important steps to protecting oneself against, or at least limiting the damage of, hackers.
- For more on what steps you can take to protect yourself, Equifax has set up a Web siteAnyone concerned can visit to see if they may be impacted by the breach.
- The site also lets consumers enroll in one year of free credit monitoring service. Offer expires Nov. 21, 2017.