Equifax has incurred losses of over $1.35bn so far following the devastating 2017 data breach, which exposed the personal financial data of 145 million customers.
In the attack, hackers exploited a known security vulnerability that Equifax had left unpatched and compromised the personal and financial details of more than half of all Americans and millions of UK consumers. The known Apache Struts 2 flaw that caused this breach was left unpatched for over 2 months after a patch was issued. Data was exfiltrated for several months once hackers spotted the vulnerability.
The $1.35bn has been spent to adopt incremental technologies and pay associated data security costs, as well as “accrual for losses associated with the legal proceedings and investigations”.
The company claims that breach costs for the remainder of the year will be less than that spent in 2018, but during the first three months of 2019, the company has spent $82.5 on technology and data security, $12.5m in legal and investigative fees, and $1.5m for product liability.
Costs associated with technology and data security involve efforts to transform the technology infrastructure and improve application, network, and data security.
These new revelations should serve as a warning to organizations failing to implement proper cyber security controls. We suggest starting by implementing the Center for Internet Security (CIS) Controls. These twenty controls serve as the essential go-to guide for any data security and compliance professional and are broken down into three categories – basic, foundational, and organizational.
The first six CIS Controls (Basic) are the most critical to implement and manage. By just implementing the first six CIS Controls, your organization can prevent up to 90% of pervasive and dangerous cyber-attacks.
NNT’s products uniquely align with the requirements of these basic controls by providing a suite of products that address each of the control requirements.
To learn more about the Basic CIS Controls (Controls 1-6), read our Guide to Understanding the Basic CIS Controls.