Failure of Physical Security - Equifax Inc
Added on - 28 May 2020
Showing pages 1 to 3 of 6 pages
Running head:FAILURE OF PHYSICAL SECURITYFailure of Physical security(Equifax Inc.)Name of the student:Name of the university:Author Note
1FAILURE OF PHYSICAL SECURITYPhysical security failure and the case ofEquifax Inc.:Physical security refers to the protection of data, networks, software, hardware and personnelfrom physical events or actions. Without physical security, serious damage or loss can happen to anyinstitution, agency or enterprise.Equifax Inc. is a global leader in the area of information solutions headquartered inSunnyvale U.S.A. Here the failed case of physical security at Equifax Inc. on 2013-14 is chosen. Apossible change in the physical security that could be helpful is also demonstrated here.Equifax, a once dominant giant in the sector of the Internet, announced in 2016, that itbecame a victim of one of the most massive data breaches ever. The attack made a compromise withreal names, email addresses, date of births and telephone numbers of about 500 million users. Theydeclared that most of the passwords were hashed using a robust algorithm ("Equifax data breachhacks away at credit-monitoring firm's third-quarter profit", 2018).Those breaches knocked an estimated 350 million off the sale price of Equifax Inc. Theircore business was paid with about 4.48 billion dollars by Verizon. This agreement called thesecompanies to share legal and regulatory liabilities from those breaches. That sale never included anyreported investment within “Alibaba Group Holding” comprising of 41.3 billion and ownershipinterest in Equifax Inc. Japan of 9.3 billion dollars (Rumelili, 2015). Thus it impacted about 3 billionuser accounts.Some of the possible changes that could have stood the test of time for Equifax Inc.’s databreach are discussed hereafter.
2FAILURE OF PHYSICAL SECURITYPrioritizing data protection:A downfall of Equifax Inc.’s security strategy is that they have turned too general and thinlyspread. An adequate level of prioritization could have raised efficiency by finding the security onlyin most vital resources.Documenting the response process:The best practices within incident response demand that once Equifax had the documentedprocess, they should follow that. This is because of stress level increases during attacks and likely tobe pulled in various directions. This leads to omission of few first actions (Cardenas & Crispo,2016).Making users the part of a process:This could be done since Equifax often forgot the aspect of the incident response to informdifferent end-users.Understanding business context:Equifax Inc. needed to consider applications and systems offline to analyze during theinvestigation (Janakiraman, Lim & Rishika, 2017). This is important for knowing confidential datastored on or passed through the system and understood the business impact.With the rise in number of data breaches in past few years, it has been no surprise that set ofbest practices has been developing. In the above discussion reducing risks and defeating attacks arelearnt from the instance of Equifax Inc.’s data breach. The study has shown insights on how to doaway with data breaches. However, it must be reminded that they could be expensive and costcompanies with lots of money. Further, the most prominent matter has always been about trust.Companies must not lose consumer trust since that could shout their front door. However, solutions