On the inside of a hacking catastrophe

Security is about People, Process…and Technology. In that order. Something to think about when your security team is in the middle of a s**tstorm…:

[…] One week after Mr Rimmer and his team found out about the breach, Equifax published a press release detailing a “website application vulnerability” that malicious hackers had exploited.

“For the first week there was nobody standing up for the security team, clarifying that this is a corporate responsibility and it’s not down to individual security professionals,” he says.

The details becoming public had a further demoralising effect on staff, who were criticised on social media and in the press by their peers and others within the industry.

“The CISO was attacked for having a music degree even though this was 30 years ago when cyber-security wasn’t a known concept. A middle manager on the security team was served with lawsuit papers directly, not via Equifax, while another employee had death threats on social media because he was identified as working for Equifax, so there was a disproportionate personal impact to some of those people who were singled out,” says Mr Rimmer.

[…]

Original article here