Redmond View

Make CEOs and Boards Accountable for Breaches

Nearly two months after Equifax revealed perhaps the worst breach of consumer data to date, more revelations of incompetence emerge, and yet the only ones who pay the price are the customers. Unfortunately, in the case of Equifax, almost everyone could be a customer by virtue of having a Social Security number, a driver's license or a credit report.

In addition to the potential that records of up to 143 million Americans were exposed, it was recently reported that intruders accessed 15 million U.K. records, impacting nearly 700,000 consumers in that country. Anyone sustaining losses stemming from this breach could find it difficult to seek compensation from Equifax, given the fine print that indemnifies the company from such liability, which is why several state attorneys general, the U.S. Department of Justice and the FBI are investigating whether any laws were broken.

While CIO Dave Webb and CSO Susan Mauldin were gone from the company within a week of the Equifax disclosure (bit.ly/2yEjB2D), perhaps the most galling consequence was that CEO Richard Smith "retired" with a $90 million golden parachute two weeks after the tech execs fell on their swords.

Signs of trouble trace back to March 8, when Cisco warned of a security flaw in Apache Struts that was already "being actively exploited." Equifax discovered the intrusion, which had been ongoing since May, on July 29, yet waited more than a month to publicly disclose it.

As Equifax continues to face criticism over its public response to the attack, those responsible are willfully negligent. Perhaps if such negligence became a criminal offense, IT organizations would get the support they need to keep their systems secure. Maybe even routine patching would become universal.

About the Author

Jeffrey Schwartz is editor of Redmond magazine and also covers cloud computing for Virtualization Review's Cloud Report. In addition, he writes the Channeling the Cloud column for Redmond Channel Partner. Follow him on Twitter @JeffreySchwartz.
