Black Hat: Lessons Learned from the Equifax Data Breach
(Pictured above: Equifax’s Jamil Farshchi at Black Hat USA in Las Vegas, Aug. 8.)
BLACK HAT USA — Organizational structure and decision processes will directly impact whether organizations fall victim to cybercriminals.
That’s according to Jamil Farshchi, Equifax’s chief information security officer, who spoke during this week’s Black Hat USA 2019 conference in Las Vegas. He joined Equifax after it suffered a massive data breach, which resulted in unauthorized access to the personal information of nearly 44% of the U.S. population.
In the aftermath, Equifax lost 40% of its market capital; its CEO, CIO and CISO all lost their jobs; and it incurred a $1.25 billion incremental transformation investment.
Farshchi was with Home Depot at the time and recalls the home improvement giant being negatively impacted because it was an Equifax customer. He also was with NASA when the Space Shuttle Challenger exploded, and said all of these incidents occurred because of an issue with culture. The main issue is failing to bridge an organization’s technical aspects with its non-technical aspects.
“Does your head of security have the ability to influence the entire enterprise?” he said. “The reason this is important is security is everyone’s responsibility. Does the head of security have regular communication and interaction with the board of directors?”
The organizations that are doing well are those that tie economic impact back to security performance, Farshchi said.
Regular communication and interaction with the board of directors is important to ensuring an organization is secure, he said. In addition, organizations should initiate crisis management tests with the involvement of the board of directors, he said.
“Everyone says cybersecurity is important, but what are you going to do about it?” he said. “What we see is a lot of people saying, but not doing. If we say something, we have got to deliver on it.”
In addition, if an organization suffers a data breach, it doesn’t give their competitors a competitive advantage, Farshchi said.
“Breaches don’t help anybody,” he said. “We should be working more closely together so we can raise that bar. If that person gets eaten, you’re the next target for that bear. Trust starts and ends with you.”
Also at Black Hat, Arctic Wolf Networks announced Arctic Wolf Agent, an endpoint monitoring tool included as a core technology with Arctic Wolf managed detection and response, and Arctic Wolf managed risk services.
Brian NeSmith, Arctic Wolf’s co-founder and CEO, tells us Arctic Wolf Agent expands his company’s capability and allows it to extend deeper into the environment to see what’s going on in a customer’s environment.
“It really becomes an enabler for partners to now go to their customers as they’re talking about this service and talking about, ‘OK, now I can not only see what’s happening at the network level or at the server level, but down to the endpoint,” he said. “So whether I’m doing vulnerability management or detection and response, and what I want to get out of that, it’s really an enhancement of the basic services.”
Noteworthy highlights from the report include:
- Emotete, Adwin, Necurs and Gandcrab experienced a significant uptick in campaign usage in April.
- Microsoft Excel was one of the most popular file types used to distribute malicious activity, with more than 40% of threats detected using XLS files.
- Microsoft Word file types were seen in nearly 15% of threats.
- The management and consulting, and biotechnology industries accounted for 30% of all impersonation attacks.
- Threat actors are engaging their targeted victims through email first, then shifting to SMS (a less secure communications channel).
“The cyberthreat landscape will continue to evolve as threat actors continue to look for new ways to bypass security channels to breach their targets,” said Josh Douglas, Mimecast’s vice president of threat intelligence. “We’ve observed malware-centric campaigns becoming …