Yesterday, the Senate Homeland Security and Governmental Affairs Committee’s Permanent Subcommittee on Investigations released its report on a probe into the 2017 Equifax hack, stating that the company’s response was both “inadequate” and “hampered by [a] neglect of cybersecurity.” The report finds that the company’s shortcomings are both “long-standing” and “reflect a broader culture of complacency toward cybersecurity preparedness.”
Last year, Public Knowledge published a white paper, “Securing the Modern Economy: Transforming Cybersecurity Through Sustainability,” outlining how sustainability management practices can help organizations better manage their cybersecurity risk. Among other recommendations, the paper identifies a number of actions that relevant stakeholders can take to address these concerns. The list includes utilizing the National Institute of Standards and Technology’s Cybersecurity Framework, developing patch management programs, and educating the workforce about the need to take cybersecurity seriously. The Senate panel’s report on the Equifax breach reinforces our recommendations.
The following can be attributed to Megan Stifel, Cybersecurity Policy Director at Public Knowledge:
“The Senate panel’s report highlights a glaring lack of cybersecurity preparedness that is, quite frankly, appalling given the highly sensitive consumer data that’s at stake. Equifax’s poor cyber hygiene and delayed response further illustrate the need for a sustainable approach to cybersecurity.
“In addition to passing comprehensive privacy legislation, we urge Congress to carefully consider whether current market incentives are sufficient to ensure consumers’ data is adequately protected. Daily reporting about network breaches and consumer data compromises suggests that we are well beyond market failure.”