Collectively We Are Stronger:
Removing the Stigma from Cyber Attacks

Article - Operations
By Tim Cassidy|11th April 2023

In September 2017, Equifax experienced a data breach, which impacted the personal information of approximately 147 million people. The investigation highlighted several security lapses allowing attackers to enter, what were considered secure systems, and exfiltrate terabytes of data. Six years later, Equifax’s Business Information Security Officer (BISO) Michael Owens says the credit reporting agency has grown stronger, resilient, and more secure. He shared key learnings from the breach at our recent GDS Group Security Summit.  

In Brief: 

  • Cyber-attacks are underreported due to embarrassment and shame. Need to remove the stigma
  • Better collaboration with the federal government and regulators 
  • Empower developers  
  • Simulation & Training 
  • Collaborating globally within the security industry 

Remove the Stigma

According to the US Justice Department (DOJ) only one in seven cybercrimes is reported, which means over 85% of cybercrime is left hidden in an organization. Owens told our security audience, “we know that often, ransomware attacks, cyber-attacks are under reported and the main reason is the shame, the reputational risk that comes along with it, the idea that you and your company failed, that you were asleep at the wheel.”  

Owens added that must change. “When companies don’t share information, there in turn lies the biggest problem because we know that these attacks are worked out in a methodical method where they move through industries, they move through company’s so the sooner someone says something the faster mitigation can occur.” 

Culture Change

Removing the stigma of a cyber-attack requires a culture change within every organization. Owens says its starts by not feeling bad about a mistake that may have led to the breach, “there are people putting the company at risk, a lot of times just trying to do their job, nothing malicious, but we must work on culture and one of the hardest things to do is transform culture.” 

“It’s important to acknowledge that there are a lot of bad actors out there and inevitably they are ways to wreak chaos so we can’t blame the employee, we must blame the bad actors and then it’s on everyone to mitigate and report those attacks.”
-Michael Owens, Equifax 

Better Collaboration with the Federal government and Regulators

Owens says the federal government has been more active recently. They are better working with organizations on cybercrime but added, “companies should be reaching to the FBI before a breach occurs so that when it does happen the FBI can be a resource but from a regulatory aspect its seems the hammer has come down on us, although when you look at it from another perspective it allows you to have more tools, it allows you to go to your senior executives and get that additional funding and have more oversight.” 

Empower Developers

To ensure development teams are producing safe and secure versions of open-source components in software projects, Owens offered 3 tips at the GDS Security Summit: 

  1. Make sure you have an SDOC policy in place
  2. Ensure part of your staff is embedded in development to understand their process and how they work
  3. Empower developers by giving them tools and support to better understand the culture and take some control over their own destiny when it comes to being able to act securely at speed.

Simulation and Training

Equifax now has a better understanding of their business landscape and are using that to build out security policies that make sense. Bad actors are now using more “business style” type of attacks, mimicking activities that a CEO or a CFO would deploy to trick employees. Owens added the big challenge here is simulating those attacks, but the learnings from the simulations will help employees be better prepared. 

Moving Forward After a Breach

Owens says after the 2017 attack they decided as a company to own it, learn from it, grow from it, and share with others. Owens added, “there’s tons of challenges, from acquiring certifications to rebuilding trust with customers, from dealing with the media aspect of going through this very large security incident but the focus for us was changing the culture of our company, you can’t go back in time and change what happened, but you can change your attitude. We put good policies in place, putting culture first and foremost, not being ashamed with what happened and not just focus on prevention but take the time to talk about what’s going to happen during the attack and most importantly what’s going to happen afterwards. I think as a community we can be resilient in understanding that these are challenges that we all face and the more we’re willing to share with each other about those challenges the better off we all will be.”  

Conclusion 

The BISO from Equifax offered that all organizations who suffer a breach need to work with the security community collectively to make every organization stronger, “when one of us is attacked we all feel the pain of that, when we collectively come together to stop attacks, we all get better.” 

GDS Summits are tailored 3-day virtual event conferences that bring together business leaders and solution providers to accelerate sales cycles, industry conversations and outcomes. Regarding the Security Digital Summits 88% of Solution Providers said the overall experience of the Digital Summit they attended was ​Above Average or Excellent and 88% of Solution Providers said they would be interested ​in sponsoring future events.​ 

For more, click here to hear from attendees on how GDS has helped them to achieve their business outcomes. 

Continue the debate at GDS’ Security Digital Summits where we bring together senior security executives who are actively seeking to share, learn, engage, and find the best solutions. 

Apply to Attend 

Back to insights

Related content

Operations
Podcast

Data and sustainability: How businesses must leverage insights to go green

Hear from Christina Shim, Global Head of IBM Sustainability Software as we discuss green strategy and the pivotal role of data.
Find out more
Operations
Article

Nurturing trust:The foundation of effective leadership in today’s landscape

Discover how fostering transparency, empathy, and compassion transforms workplaces and drives success.
Stephanie Garey
Find out more
Operations
Article

Data that’s making a difference in patient health

Hear from the Chief Medical Information Officer at Phoenix Children's Hospital on putting data to work for clinical excellence.
Kelley Iuele
Find out more
Operations
Article

How the cloud is driving a full-scale business transformation at Equifax

Learn from Equifax's CFO about how their $1.5 billion cloud-driven transformation led to growth, improved performance, and innovative solutions.
Tim Cassidy
Find out more
Operations
Article

Embracing a new manufacturing era:Hiking up the hyper-hill

Discover the three key trends that have emerged as driving forces behind technology transformation in today's fast-paced world.
Sarah Tijou
Find out more
Operations
Article

Digital Twins:The Dynamic Duo in Manufacturing

Discover digital twins, the technology that is revolutionizing the fast-paced world of the manufacturing industry.
Sarah Tijou
Find out more
Operations
Article

Embracing Diversity:The Key to Innovation and Progress in Technology

Read about studies that have shown diverse teams are more creative, more productive, and better able to solve complex problems than homogeneous teams.
Tim Cassidy
Find out more
Operations
Podcast

Navigating decarbonisation for business success: Why it’s not all doom & gloom

Find out more
Operations
Article

Supply Chain Sustainability:Why, When and How ESG Became a Business Imperative

Sustainability is no longer a passing trend – it is now a business imperative.
Alex Wood
Find out more

Related events