Redmond View

Make CEOs and Boards Accountable for Breaches

Nearly two months after Equifax revealed perhaps the worst breach of consumer data to date, more revelations of incompetence emerge, and yet the only ones who pay the price are the customers. Unfortunately, in the case of Equifax, almost everyone could be a customer by virtue of having a Social Security number, a driver's license or a credit report.

In addition to the potential that records of up to 143 million Americans were exposed, it was recently reported that intruders accessed 15 million U.K. records, impacting nearly 700,000 consumers in that country. Anyone sustaining losses stemming from this breach could find it difficult to seek compensation from Equifax, given the fine print that indemnifies the company from such liability, which is why several state attorneys general, the U.S. Department of Justice and the FBI are investigating whether any laws were broken.

While CIO Dave Webb and CSO Susan Mauldin were gone from the company within a week of the Equifax disclosure (bit.ly/2yEjB2D), perhaps the most galling consequence was that CEO Richard Smith "retired" with a $90 million golden parachute two weeks after the tech execs fell on their swords.

Signs of trouble trace back to March 8, when Cisco warned of a security flaw in Apache Struts that was already "being actively exploited." Equifax discovered the intrusion, which had been ongoing since May, on July 29, yet waited more than a month to publicly disclose it.

As Equifax continues to face criticism for its public response to the attack, those responsible are willfully negligent. Perhaps if such negligence became a criminal offense, IT organizations would get the support they need to keep their systems secure. Maybe even routine patching would become universal.

About the Author

Jeffrey Schwartz is editor of Redmond magazine and also covers cloud computing for Virtualization Review's Cloud Report. In addition, he writes the Channeling the Cloud column for Redmond Channel Partner. Follow him on Twitter @JeffreySchwartz.
