Story image

Equifax data breach: The end of cybersecurity as we know it

15 Sep 2017

Article by Gartner analyst, John A. Wheeler

As most everyone knows by now, one of the single largest data breaches in history was disclosed last week by the credit reporting giant, Equifax. While most people are rightly focused on the immediate impacts of this breach – personal fraud, credit and identity protections, waivers of right to sue, class-action lawsuits, etc. – few have considered the longer term implications of this event. So, here are three predictions of how the cybersecurity world will change in light of this monumental event.

1. Bankruptcy looms ahead for Equifax

In the last 4 business days since the company disclosed the data breach, Equifax has suffered a $5.3 billion loss in market capitalisation which represents almost a third of the company’s total value.

When considering an estimate of the potential costs associated with the data breach (based on the 2017 IBM/Ponemon Institute Cost of Data Breach Study), Equifax faces a potential loss of $20.2 billion which currently exceeds their total market value by $8.3 billion.

Also, the company currently faces more than 23 class-action lawsuits with at least one seeking more than $70 billion in damages. The death spiral will soon take on greater momentum when executives are required to testify before Congress and criminally investigated for potential insider trading related to the delayed disclosure of the data breach.

Equifax will ultimately be acquired out of bankruptcy by one of the remaining two credit reporting companies – TransUnion or Experian.

2. Social Security Number will be replaced by a more secure National ID

The use of Social Security Numbers (SSN) as the primary authentication device for US citizens will be eliminated. What will replace the SSN is anyone’s guess, but it can no longer serve in this capacity since at least half of the nation’s primary method of authentication has been compromised. Perhaps the US will follow Estonia’s lead in creating a true electronic national ID?

3. A federal cybersecurity act will be passed quickly

Attempts at passing federal legislation over cybersecurity have been futile in the past, but all of that will change. Similar to what happened in the aftermath of the Enron and Worldcom accounting frauds, broad reaching legislation will be crafted and passed much like the Sarbanes Oxley Act of 2002.

This will occur because the impact of the Equifax breach is being felt by every single American (as well as some Canadians and Brits). Similar to the Sarbanes-Oxley requirement on the certification of internal control over financial reporting, CEOs and other executives will be required to disclose any material data breach upon discovery and personally certify to the effectiveness of their internal control over data security.

Nuance biometrics fight back against fraud
Nuance Communications has crunched the numbers and discovered that it has prevented more than US$1 billion worth of fraud from being passed on to users of its Nuance Security Suite.
Attacks targeting Cisco Webex extension explode in popularity - WatchGuard
WatchGuard's Internet Security Report for Q4 2018 also finds growing use of a new sextortion phishing malware customised to individual victims.
Developing APAC countries most vulnerable to malware - Microsoft
“As cyberattacks continue to increase in frequency and sophistication, understanding prevalent cyberthreats and how to limit their impact has become an imperative.”
Worldwide spending on security to reach $103.1bil in 2019 - IDC
Managed security services will be the largest technology category in 2019.
Privacy: The real cost of “free” mobile apps
Sales of location targeted advertising, based on location data provided by apps, is set to reach $30 billion by 2020.
Forrester names Crowdstrike leader in incident response
The report provides an in-depth evaluation of the top 15 IR service providers across 11 criteria.
Norwegian aluminium manufacturer hit hard by LockerGoga ransomware attack
“IT systems in most business areas are impacted and Hydro is switching to manual operations as far as possible.”
Slack doubles down on enterprise key management
EKM adds an extra layer of protection so customers can share conversations, files, and data while still meeting their own risk mitigation requirements.