Black Hat: Lessons Learned from the Equifax Data Breach
After its massive breach, Equifax lost 40 percent of its market capital.
(Pictured above: Equifax’s Jamil Farshchi at Black Hat USA in Las Vegas, Aug. 8.)
BLACK HAT USA — Organizational structure and decision processes will directly impact whether organizations fall victim to cybercriminals.
That’s according to Jamil Farshchi, Equifax’s chief information security officer, who spoke during this week’s Black Hat USA 2019 conference in Las Vegas. He joined Equifax after it suffered a massive data breach, which resulted in unauthorized access to the personal information of nearly 44% of the U.S. population.
In the aftermath, Equifax lost 40% of its market capital; its CEO, CIO and CISO all lost their jobs; and it incurred a $1.25 billion incremental transformation investment.
Farshchi was with Home Depot at the time and recalls the home improvement giant being negatively impacted because it was an Equifax customer. He also was with NASA when the Space Shuttle Challenger exploded, and said all of these incidents occurred because of an issue with culture. The main issue is failing to bridge an organization’s technical aspects with its non-technical aspects.
“Does your head of security have the ability to influence the entire enterprise?” he said. “The reason this is important is security is everyone’s responsibility. Does the head of security have regular communication and interaction with the board of directors?”
The organizations that are doing well are those that tie economic impact back to security performance, Farshchi said.
Regular communication and interaction with the board of directors is important to ensuring an organization is secure, he said. In addition, organizations should initiate crisis management tests with the involvement of the board of directors, he said.
“Everyone says cybersecurity is important, but what are you going to do about it?” he said. “What we see is a lot of people saying, but not doing. If we say something, we have got to deliver on it.”
In addition, if an organization suffers a data breach, it doesn’t give their competitors a competitive advantage, Farshchi said.
“Breaches don’t help anybody,” he said. “We should be working more closely together so we can raise that bar. If that person gets eaten, you’re the next target for that bear. Trust starts and ends with you.”
Also at Black Hat, Arctic Wolf Networks announced Arctic Wolf Agent, an endpoint monitoring tool included as a core technology with Arctic Wolf managed detection and response, and Arctic Wolf managed risk services.
Brian NeSmith, Arctic Wolf’s co-founder and CEO, tells us Arctic Wolf Agent expands his company’s capability and allows it to extend deeper into the environment to see what’s going on in a customer’s environment.
“It really becomes an enabler for partners to now go to their customers as they’re talking about this service and talking about, ‘OK, now I can not only see what’s happening at the network level or at the server level, but down to the endpoint,” he said. “So whether I’m doing vulnerability management or detection and response, and what I want to get out of that, it’s really an enhancement of the basic services.”
Mimecast released its first Threat Intelligence Report, which which found education is the most targeted sector and trojans make up 71% of opportunistic attacks.
Noteworthy highlights from the report include:
Emotete, Adwin, Necurs and Gandcrab experienced a significant uptick in campaign usage in April.
Microsoft Excel was one of the most popular file types used to distribute malicious activity, with more than 40% of threats detected using XLS files.
Microsoft Word file types were seen in nearly 15% of threats.
The management and consulting, and biotechnology industries accounted for 30% of all impersonation attacks.
Threat actors are engaging their targeted victims through email first, then shifting to SMS (a less secure communications channel).
“The cyberthreat landscape will continue to evolve as threat actors continue to look for new ways to bypass security channels to breach their targets,” said Josh Douglas, Mimecast’s vice president of threat intelligence. “We’ve observed malware-centric campaigns becoming …
… more sophisticated, often using different types of malware in different phases of an attack; yet, at the same time, very simple attacks are also increasing significantly.”
Threat actors are becoming more organized and businesslike by implementing subscription and as-a-service-based business models to deliver malware in an effort to reduce their work and improve their return-on-investments, according to Mimecast. Also, spam is heavily used by threat actors as a conduit to distribute malware.
In the Black Hat business hall, Tia Hopkins, eSentire‘s vice president of global sales engineering, said at a conference like this, “it’s a little difficult for a security practitioner to figure out what they need and what they don’t because here’s all of it, and everyone saying you need all of it.”
“It really goes back to making sure you do an appropriate analysis of your environment, figure out what your risk is and how you’re going to respond to those risks,” she said. “I find a lot of times you focus on things like pricing, licensing model, deployment and how’s it going to integrate with my environment, but when you get down into why you’re actually going through that exercise of how is this going to solve my problem, that sometimes gets lost in the marketing message because everyone’s telling you I can solve this problem. So then what is it that you’re going to dig into to figure out how your problem’s actually going to be solved. That’s almost more important than licensing models, pricing and deployment.”
About the Author
You May Also Like