Who watches the watchers? It was very telling to read the news recently on (ZDNet, Forbes) highlighting the downgrade of credit monitoring agency Equifax by credit ratings agency Moody’s (Moody’s lowered Equifax’s outlook from stable to negative last week (May 22)). Equifax has been under mounting scrutiny over the past couple of years stemming from the massive data breach that occurred in 2017 where over 209,000 consumer credit card credentials were stolen. To make matters worse, in 2018, Equifax further announced that an additional 2.4 million U.S. customers were affected by the breach; topped off by a House Oversight Committee report on the incident at the end of the year stating that the breach was “entirely preventable”. The cause of the breach came down to a well-known vulnerability in Apache Struts with Equifax revealing that an unpatched system was at fault, despite the fact that a patch had been made available for the bug over 2 months prior to the breach occurring.
The breach, and the findings on the breach, have had a material impact on the company, with the ongoing financial costs and strains, as a result of the breach, greatly outweighing the actual cost for the remediation of the breach. Not only did Equifax have a legal expenditure charge of $690 million in their first quarter financials, the company’s Q1 2019 earnings also showed $786.8 million in general costs due to the data breach, $82.8 million in data security costs, $12.5 million in legal fees, and $1.5 million in product liability charges. The financial costs as a result of the company’s cybersecurity processes are continuing to mount, with additional class-action lawsuits and regulatory scrutiny being faced by Equifax; which could also lead to more fines and penalties.
As we had mentioned in a previous post, when cyber attacks start impacting the bottom line, companies have to look at how it will affect investors and shareholders. With Moody’s downgrade of Equifax, the breach is going to have a long-term impact on the ongoing prospects of the company both operationally and from an investor perspective.
Unfortunately, despite ramping up investments to improve security in order to prevent such a data breach from occurring again, the millions of dollars now spent on remediating and shoring up security are a drop in the bucket compared to the ongoing financial burden that the breach caused for the company. As ZDNet states: “Equifax serves as a lesson in why boards should sign up to proactive security defence rather than consider security as a budgetary afterthought.”
At Wedge, we continue to focus on these cases where the victim could have easily integrated a security system such as Wedge Advanced Malware Blocker in order to take a proactive approach to security. As evidenced by Equifax’s ongoing financial fallout, it is always far more expensive to continue with the “Detect and Remediate” way of doing things. Our “Detect and Block” mantra continues to resonate with more and more organizations as they see the crippling financial effects that other organizations are facing as a result of “reactive” network security.
We continue to promote our FREE 90 day trial of the Wedge Advanced Malware Blocker that can Detect and STOP all forms of malware attacks and ransomware in Real-time, BEFORE they can cause damage. Get in touch with our team at email@example.com for more information on how you can join other organizations in taking a proactive approach for preventing breaches and other attacks and saving yourself from the massive financial headache that these attacks can cause.