A while back I wrote about the Ashley Madison "hack" and the fact that this company had self-proclaimed themselves secure with a made-up Security Award. Well... it seems they all went to the same business school: what Equifax is doing, and how they are responding to this breach, is in line with this type of business practice.
Combine all this with the fact that senior executives sold 2 million in stock prior to the announcement, and then add to that the unknown person or persons who shorted the stock and made another 4 million... you have yourself a really nice picture generally called insider trading, along with a few more terms not fit for small children.
Suspect trading in Equifax options before breach might have generated millions in profit
This all points to something missing in our wonderful world called PENALTIES. Not penalties for the enterprise. The executives do not care if the enterprise has to pay some penalties. Penalties for the executives, including jail time when their actions are criminal in nature.
I'm not referencing the insider trading, which I hope is considered criminal. I'm referencing the lack of respect for their customers' data and the willful blindness when serious security shortcomings are reported up the chain of command.
And by the way, why are we calling ourselves customers, when in fact we are their product, not their customers? We are forced to deal with companies run by clowns, and the only time we are customers is if we subscribe to one of their shitty services to access our own damned data and make sure they are reporting accurately on our data!!! What world are we allowing ourselves to live in?
I have to pay a monthly fee to access my data that I never wanted these idiots to have. Why... because the banks "need" it to authorize my mortgage. We certainly don't want the banks taking too much risk. Wait... didn't they seriously screw up a few years back and lend billions of dollars that they shouldn't have, and then the US government bailed them out and they all took in BONUSES!
If you want a really good laugh, take a look at Equifax's SOC 2 TYPE II attestation report.
Proof again that traditional auditing mechanisms are meaningless because people LIE.
Listen up folks: Companies on the stock market are filled with executives who have ONE priority: themselves. Therefore they LIE, COVER UP, and IGNORE some pretty significant elements that lead to events like this. Their bonuses are dependent on everything looking great.
So there you have it folks. A great big company, audited by other great big companies, compromised at all levels including ethically and morally.
No wonder I prefer family-run businesses. My two most significant clients are family run (one is 500m revenue and the other is several billion) and, surprise surprise, when something comes up as a security risk, the CIO brings it to the CEO and no one hides anything. They just manage the risk, take decisions, figure out how to be better and fix things.
Wow.... that's revolutionary.
Eric Parent is a senior security expert, specialized in coaching senior executives. He teaches CyberSecurity at l'Ecole Polytechnique and HEC Universities in Montreal, and is CEO of Logicnet/EVA-Technologies, one of Canada's oldest privately owned security companies.