Etienne Greeff is the cofounder and CTO of SecureData, a provider of cybersecurity services and solutions.
“The news on the hack against credit reporting firm Equifax is a textbook example of how not to handle a data breach effectively. Over half the population of America was put at risk, not to mention the vast number of credit cards that were compromised. Yet, despite the severe and far-reaching repercussions of the incident on customers, the reaction from the company has been lacklustre and worrying.
“In response to the breach, Equifax created a website – Equifaxsecurity2017.com – that offers free identity theft protection and credit file monitoring to all US customers. However, customers are asked to input additional information into the website that doesn’t even have a valid security certificate. It’s akin to offering contents insurance to a person whose house has already been robbed – and potentially putting them at risk even further.
“What’s more, Equifax has been relatively tight-lipped about the type of information that has been compromised, meaning if customers want to take advantage of the company’s Credit Freeze feature to prevent further credit theft, they have to use a PIN number that may or may not have been stolen by cybercriminals.
“In short, Equifax’s knee-jerk and ill-considered response to the breach is shambolic. It appears the company is more concerned about its own image than supporting customers and providing transparency on what exactly has happened. With the GDPR legislation due to come down heavily on companies that neglect to better protect customer data, this should serve as a lesson to other businesses about how to be more prompt and forthcoming with action against cybercrime.”
Richard Parris is the chairman and CEO of Intercede, a provider of identity authentication services.
“Companies like Equifax are supposed to be the bastions of customer data. Yet, as has worryingly become commonplace today, businesses are continuing to neglect how they protect customer data – and even their own data. Recent research we conducted found that 86 per cent of systems administrators within major enterprises – those people that hold the keys to an organization’s kingdom – are using basic password authentication to protect data. What’s more, 50 per cent of respondents admitted that business user accounts in their organisations were ‘not very secure.’
“It’s no surprise, then, that we’re seeing hack after hack. But it’s no longer acceptable to put customers at risk, advising them to ‘change or use complex passwords’ when passwords are the root cause of the majority of data breaches today. Businesses have been warned that current security methods are no longer enough to fend off cyber criminals and it’s us – the general public – that are left to wonder who has access to our data and which of our online accounts could be compromised next.
“The right security methods are out there – strong authentication that incorporates multiple levels of authentication such as PIN numbers, devices and biometrics. This makes it much more difficult for cybercriminals to hack into systems.
“But it appears businesses are getting lazy and lack the volition to make change. Equifax’s data breach is an example of the type of breach we should not be seeing today, and it’s worrying that calls for change are falling on deaf ears. Businesses will have no choice but to sit up and listen as GDPR comes into effect next year, but it’s reproachable to see businesses continuing to play fast and loose with our personal information until something bad happens to them.”