1.0 Introduction
Credit-offering companies have become more common globally since most individuals need financial assistance. Blueliv (2018) claimed that companies tend to fall into financial dips when their capital share runs on the negative side. Equifax is a credit reporting firm that originated in America. It had previously been recognized as one of the best credit reporting organizations in the world, although it was caught up in a security scuffle. Equifax is known for assigning its clients scores that showcase their financial expenditure over a specific period. According to GAO (2018), people tend to seek their credit reports to learn how to spend their income after paying their debts. This has limited the number of cases that people have had to solve because of late credit payments. This essay intends to evaluate the security breach reported by Equifax and the strategies it has executed since then to promote integrity and confidentiality.
2.0 Background
Equifax hails from the United States of America and is recognized as one of the largest credit reporting organizations. The company was founded as early as 1899, although its operations became viable only after years of effort (Singer & Friedman, 2014). Mark Begor has been the Chief Executive Officer of Equifax since 2018. The firm offers free credit reporting services to its clients if their needs are ordinary. However, Whitman and Mattord (2017) postulated that some clients tend to ask for more complex services which require a lot of input. In that case, Equifax is left with no option but to charge its clients. This allows the company to make its profits, contributing to its overall Gross Domestic Product. GAO (2018) stated that Equifax has been rated as one of America’s best credit reporting companies for more than 30 years straight. This is the main reason why many clients have trusted its ability to keep their credit scores confidential. However, the organization recently reported security breaches within its headquarters in Atlanta, Georgia (Wasser, Palmay & Koczerginski, 2017). This has resulted in more doubt than confidence in its service delivery among its existing and potential customers.
3.0 Problem Identification
The security breach that Equifax reported within the financial year of 2020 was marked as one of the scariest in the United States of America, considering that a lot of clients had placed their faith in the company’s services (Blueliv, 2018). The security breach exposed the personal information that clients had provided to the human resource department within the firm. However, some clients access its services through its official websites on different online platforms. Approximately 148 million customers lodged complaints with Equifax within 1-2 days after the company announced the security breach (GAO, 2018). Equifax was rated as the credit reporting organization that failed to secure its clients’ personal information. The firm’s reputation was destroyed on a mere accusation of lack of integrity and poor customer service delivery.
4.0 Analysis
4.1 Identify the key factors that created the weak security situation
Minimal integrity is one of the key factors that create a weak security situation in any organization. A significant percentage of customers have shifted their interest toward acquiring quality services accompanied by transparency. Singer and Friedman (2014) highlighted that a company must develop a conclusive strategy that it can execute to better its activities. For example, Equifax is a firm that has been marked by a lack of integrity in the discharge of its duties since its reported security breach. Such incidents have driven many business entities out of business.
Poor customer service delivery is another key factor that creates a weak security situation in a company. GAO (2018) claimed that organizations must ensure that their customers’ needs are satisfied on time. This is because human needs are recurrent while the service delivery curve fluctuates. Therefore, companies like Equifax should work harder to establish transparency within their customer service delivery.
4.2 Vulnerabilities that were exploited in the Equifax incident
Equifax was charged with failure to document both individual and company-based credit-scored certificates on time. The individual scores were at least 324, while company-based ones were approximately 76 (Blueliv, 2018). The company was found negligent in its duties because many of its clients trusted its abilities. This washed away the confidence that many clients had in the organization’s customer delivery skills.
4.3 Appropriate organizational and security controls in Equifax
Secure Sockets Layer (SSL) is the security control platform that Equifax was using before the reported security breach (Wasser, Palmay & Koczerginski, 2017). SSL was an interface that notified the company of many undocumented details of services offered to clients. However, the software is required to be updated after a certain period. The company had not updated its software at the time of the security breach, releasing its clients’ personal information into the cloud. This was the most lethal incident that people had experienced from credit-reporting firms in the United States of America.
4.4 Consider the measures that Equifax has taken to recover from the incident
The Key Performance Indicator (KPI) is a strategy Equifax has adopted and implemented since the security breach. GAO (2018) postulated that KPI is a strategy that allows companies to develop internal metrics with which they can grade their performance in customer service delivery within a specific financial period. This has so far helped Equifax in evaluating how well it serves its esteemed clients. Therefore, the company has been putting more effort into restoring the transparency between it and its clients by ensuring that its service delivery and confidentiality are top-notch.
4.5 Evaluation of post-attack security measures and the prioritization of risks
Auditing is one of the security measures that a company like Equifax can implement. Singer and Friedman (2014) highlighted that the unprecedented release of clients’ personal information is lethal in that it causes a lot of damage to a company’s reputation and overall profit turnover. Data encryption would be another security measure that reduces the risk of consistent hacking. This means that organizations such as Equifax would not lose their undocumented data into the cloud. This would help companies to salvage their clients’ credit scores. According to Whitman and Mattord (2017), installing an internal security authentication system is a security measure that companies should adopt. Such companies would be able to protect their data since only authorized individuals would be allowed to access it. Internal hacking would equally help keep firms like Equifax from reporting security breaches. GAO (2018) stated that credit reporting firms have the mandate to foresee any risks that their operations hold in the future to better their service delivery.
4.6 Could the incident have been prevented?
Equifax couldn’t have prevented the release of its data to the cloud because it had not foreseen the risk. However, it could also be argued that if the company had scheduled consistent documentation, most of the clients’ personal information would still be intact. The situation could not have been salvaged since Equifax had no warning that the security breach was bound to happen because it had been in the credit reporting business for decades.
5.0 Equifax’s evaluation
5.1 Equifax’s evaluation of its response to the incident
Blueliv (2018) indicated that it is paramount for companies to develop strategies that would solve the security breaches that occur during their business periods. Equifax issued an official press release apologizing to its esteemed customers for the unprecedented security breach. Likewise, it reassured its potential and existing customers that such an incident would not occur again under its watch.
5.2 Proposed measures by the US government
The Cyber Executive Order (EO) is the main security measure that the Americans proposed. GAO (2018) described the Cyber EO as a document released by Information Technology personnel about security breaches that occur within companies. This means that the data in the cloud is bound to implicate the government bodies in disrespecting the right to privacy.
6.0 Action Plan
Equifax is set to adopt and implement the Cyber Executive Order proposed by the American government. This means that it would align its goals with those of the national authority. Therefore, Equifax’s clients would be reassured that the company could uphold integrity after the unprecedented security breach.
7.0 Recommendations
- Equifax should adopt the Cyber Executive Order to align its goals with those of the government. This will eliminate any security breaches that are bound to occur in the future.
- The company should embrace internal hacking skills to ensure that it can foresee risks. This means that Equifax will maintain a good rapport with its customers.
- Equifax should normalize documenting the services that it proffers to its clients. The firm should consider making the documenting process spot-on.
8.0 Conclusion
Equifax was affected so greatly by the challenge that it almost fell into a financial dip, since its capital share was fully dedicated to solving the mess. Most clients were not satisfied with the services because they lost a lot of their property and money. It is undeniable that security is the biggest aspect that any firm should uphold for all its clients. Security is an accompaniment of transparency and consistency within service delivery. This means that security breaches are costly to credit reporting companies and their clients.
9.0 References
Blueliv. (2018). The credential theft ecosystem. https://www.blueliv.com/resources/reports/The_credential_theft_ecosystem.pdf
GAO. (2018). Actions taken by Equifax and federal agencies in response to the 2017 breach. https://www.gao.gov/products/GAO-18-559
Singer, P. W., & Friedman, A. (2014). Cybersecurity and cyberwar: What everyone needs to know. Oxford University Press. https://is.muni.cz/el/1423/podzim2018/BSS469/um/P.W._Singer__Allan_Friedman_-_Cybersecurity_and_Cyberwar__What_Everyone_Needs_to_Know___2014__Oxford_University_Press_.pdf
Wasser, L., Palmay, F., & Koczerginski, M. (2017). Cybersecurity – The legal landscape in Canada. McMillan. https://mcmillan.ca/insights/publications/cybersecurity-the-legal-landscape-in-canada/
Whitman, M., & Mattord, H. J. (2017). Management of information security. Boston, MA: Cengage Learning.