Deloitte and Equifax Breach: What are the Lessons for the Cybersecurity World?
Cybersecurity breaches have been rising steadily this year. In fact, 2017 has witnessed some of the largest data breaches in security history. The Equifax breach has been the talk of the cybersecurity town in recent months. As if rubbing salt into existing wounds, the Deloitte breach has further damaged internet security morale around the world. What’s surprising is that it took six weeks for the credit reporting agency Equifax to notify its 143 million customers. Security experts point to the lack of regulation, which allowed Equifax to defer notification of the data breach.
As if the recent data breaches had not given the industry enough lessons, Deloitte, the well-known accounting firm, was also on the receiving end of a cyberattack. Deloitte, popularly known in the United States as one of the "Big Four" accounting firms, has confirmed that it was the victim of a cyberattack. A special team inside the company conducted an internal review after the breach. However, the accounting firm has been tight-lipped about the entire issue. A company spokesperson had this to say: “Importantly, the review enabled us to understand precisely what information was at risk and what the hacker actually did and to determine that only very few clients were impacted and no disruption has occurred to client businesses, to Deloitte’s ability to continue to serve clients, or to consumers.”
A massive breach like the one at Equifax occurs not just because of technical failures but because of a mindset that needs an overhaul. Unless we change our thinking, bigger breaches are bound to happen time and again. To secure our information, we need to treat privacy and security as a single, inseparable whole rather than as mutually exclusive goals. Notifying affected users about breaches is essential, and cybersecurity policy should address it.
The Equifax incident clearly shoots down the argument that a user must choose between privacy and security. Governments are increasingly demanding access to end-to-end encrypted data for security purposes, whereas the Equifax breach reinforces that privacy and security go hand in hand. Any violation of privacy is equally detrimental to security. In the case of Equifax, users’ privacy was breached, which resulted in the exposure of their personal and sensitive information, such as Social Security numbers. When this information lands in the hands of criminals, the security of users as well as of the State is in danger.
We should learn that security isn't an end in itself, but rather a mechanism to protect important values, one of which is privacy.