get it right

Get it right or get out of the way

When a company has a breakdown in its processes, blame is assigned based on who the process owner is and the individual(s) responsible for completing the missed or improperly executed task. When a low-level process is broken, as was the case with Experian and the missing Apache Struts patch that allowed an attacker to gain a foothold in their information system and steal 152 million records, I see little reason to start chopping off the heads of senior leadership. Processes should be reviewed at a regular interval that is appropriate for the business's operational environment (annually, semi-annually, quarterly, or monthly). In Experian’s case, I believe there was a systematic breakdown where the process was broken, and no one up the chain of command was notified. A CIO and CSO at a company as large as Experian don’t have the time or resources to personally check up on every department, nor should they be required to micro-manage. Mid-level and upper-level management should be feeding data to the C-suite at their meetings, and if something was off or missing it should’ve been addressed.

equifax breach

Equifax Data Breach Exposes 145.5 Million Records

What is Equifax? It’s a consumer credit reporting agency. Recently, on September 18, 2017, Equifax noticed it was a victim of what turned out to be one of the largest security breaches in history, and in early March it had begun “notifying a small number of outsiders and banking customers” about this attack.

Equifax was warned months before the breach about vulnerabilities