We may soon, for the first time, see executives go to prison for this ludicrous decision and the actions they took after.
If you haven’t heard of the Equifax Inc. (EFX) data breach, you haven’t turned on either a radio or a television or gone to an actual news site with your browser. Business after business has been trying to skate on their fiduciary responsibilities by relying on “free stuff” which cannot be made secure instead of relying on robust proprietary operating systems and the proprietary hardware they run on.
Equifax is just another in a long line of companies which don’t give a rat’s behind about their customers. There had to be a Keller MBA involved in creating the spreadsheet which “justified” the move to “free stuff.” It’s easy, you just leave off all of the expenses which would negate it.
Most companies these days have been purchasing some form of insurance policy for breaches rather than performing their fiduciary responsibility of using high quality systems to safeguard their customer data. Most have been replacing skilled American IT workers with H1-B and vacation visa workers of much lower skill.
A real IT architect knows that you air gap this shit. You set up a sacrificial Web server outside of everything and route data-only messages back through something like WebSphere or your own message mapper. That mapper converts the XML or other free-format message into a fixed-field-width proprietary message, and only that gets back to a real back end. The back end responds with a fixed-field-width proprietary message, which the message mapper turns into whatever “open standard” you are supporting via your Web interface.
You never directly connect a Web anything to a database or a real computer.
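A minimal sketch of the message mapper described above, added here as an illustration and not taken from the original post or from any real product. The field names, widths, and allow-list patterns are hypothetical assumptions.

```python
import re
import xml.etree.ElementTree as ET

MAX_XML_BYTES = 1024  # assumed cap on one inbound message

# Hypothetical layouts: (tag, width, allow-list pattern, numeric?) in order.
REQUEST_LAYOUT = [
    ("type", 4, re.compile(r"[A-Z]{4}"), False),
    ("account", 10, re.compile(r"[0-9]{1,10}"), True),
    ("surname", 20, re.compile(r"[A-Za-z' -]{1,20}"), False),
]
RESPONSE_LAYOUT = [("status", 2), ("score", 3)]


class RejectedMessage(ValueError):
    """The message does not fit the fixed layout and is dropped."""


def xml_to_record(xml_bytes: bytes) -> bytes:
    """Map one web-tier XML request to a 34-byte fixed-width ASCII record."""
    if len(xml_bytes) > MAX_XML_BYTES or b"<!" in xml_bytes:
        raise RejectedMessage("oversized, or contains DOCTYPE/ENTITY/CDATA")
    try:
        root = ET.fromstring(xml_bytes)
    except (ET.ParseError, ValueError, LookupError) as exc:
        raise RejectedMessage("malformed XML") from exc
    # Exactly the expected leaf elements, in order, with no attributes.
    if (root.tag != "request" or root.attrib
            or [c.tag for c in root] != [f[0] for f in REQUEST_LAYOUT]
            or any(len(c) or c.attrib for c in root)):
        raise RejectedMessage("unexpected structure")
    fields = []
    for tag, width, pattern, numeric in REQUEST_LAYOUT:
        value = root.findtext(tag) or ""
        if not pattern.fullmatch(value):
            raise RejectedMessage(f"field {tag!r} failed validation")
        # Numeric fields are zero-filled on the left, text is space-padded.
        fields.append(value.zfill(width) if numeric else value.ljust(width))
    return "".join(fields).encode("ascii")


def record_to_xml(record: bytes) -> bytes:
    """Map the back end's 5-byte fixed-width reply to XML for the web tier."""
    if len(record) != sum(w for _, w in RESPONSE_LAYOUT) or not record.isascii():
        raise RejectedMessage("reply does not match layout")
    root, pos = ET.Element("response"), 0
    for tag, width in RESPONSE_LAYOUT:
        ET.SubElement(root, tag).text = record[pos:pos + width].decode().strip()
        pos += width
    return ET.tostring(root)
```

Anything that fails the layout raises `RejectedMessage` and never crosses to the back end; only the validated fixed-width record does.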
Insurance policies tend to be backed by various re-insurance schemes and financial instruments, much like those mortgage-backed bonds Wall Street fraudulently sold, creating a global recession. There cannot be enough in the slush fund to cover up to 1/3 of Americans becoming victims of identity theft. Congress cannot allow this company to skate by with only a few months of credit monitoring for each impacted customer. There have to be actual damages and prison time.
We are now standing at the precipice of another financial collapse, at least in the re-insurance market covering companies with idiot executives using low cost systems and labor, allowing massive breaches to happen. Insurance pools tend to be based on a small percentage of pool members having claims. There can be no pool large enough to cover 1/3 of Americans all at once.
Welcome to the new market crash.