The ability to provide services to customers and clients depends, in part, on cyber resilience.

The proper functioning of the financial services market itself is closely linked to it too. It is, therefore, good business practice which protects revenues, profits and more importantly, your reputation.

Imagine if:

  • You could not reach your customers
  • Your customer data or IP was lost
  • You cannot do business for X days

The effects of cyber incidents are wide-reaching, costing businesses in lost revenue, fines, legal costs and reputational damage. A look at the Equifax security breach of 2017 puts cyber resilience in perspective.


 

equifax-breach
Case study: Equifax breach of 2017

When Equifax suffered a cybersecurity breach in 2017, it made global headlines.

In September 2017, Equifax announced that it had experienced a major cybersecurity breach, with approximately 150 million people affected. It was the result of a critical vulnerability in their legacy systems.

The vulnerability was identified in March 2017 and publicly exposed. While Equifax had deployed devices that monitored for suspicious network traffic, the device that would have monitored the traffic from this system wasn’t working. The security certificate required to run the monitoring service had expired. In fact, it was 19 months out of date.

As a result, the attackers had managed to find an exposed system that had not been patched. They used it to gain access to Equifax systems and data, which allowed them to download highly sensitive information, without being noticed by Equifax.

When the US House of Representatives Committee on Oversight and Government Reform opened an investigation into the breach, they found that “Equifax, however, failed to implement an adequate security program to protect…sensitive data.” The committee’s conclusion was that “Such a breach was entirely preventable”.

Equifax had failed to follow a structured approach to cybersecurity and resilience. Their governance had fallen short of requirements, and they did not consider the broader view of cybersecurity requiring controls across technology, processes and people. Collectively, these failures left them vulnerable to hackers and cost them $1.4billion in remedial work, fines and legal costs. These costs don’t include the reputational damage caused by the breach.

What would you do as a financial services firm if a cybercriminal gained unauthorised access to your data? Would you be in a position to continue working or rebuild quickly enough to keep your firm successful? Are you in a position to carry the remedial costs of a data breach?

By focusing on building a cyber resilient firm, you will be in a better position to avoid have to answer many of these questions. A structured approach to cybersecurity which identifies and protects your business-critical assets is the most effective way to protect your business and reputation.

 

Download our ‘Building a cyber resilient firm’ to learn more about how effective planning and a structured approach to cybersecurity can help protect your business.

Download white paper

Leave your comment