Equifax - their silence - our complicity

[tw]

MarketWatch.com is asking what every informed person always asks. And then routinely finds reasons for failure. From Marketwatch on 15 Sept 2017:

Quote:

Equifax "Chief Security Officer" Susan Mauldin has a bachelor's degree and a master of fine arts degree in music composition from the University of Georgia. Her LinkedIn professional profile lists no education related to technology or security.

Exactly what is taught in business schools. Management need not know how the work gets done. Only profits are relevant.

A major security hole was discovered and patched in March. Patches must be installed within 30 days. This security hole was so dangerous that others (who come from where the work gets done) implemented it with a 'hair on fire' attitude. But Equifax did nothing for four months after half of their secure database was downloaded.

Laws require such companies to implement security software that looks for access and changes of credit card databases. No such security requirement applies to other databases such as Social Security numbers. So Equifax cut costs; only implemented what was required. This breech was ongoing for four months undetected. When it was detected, Equifax did nothing to protect customers for another six weeks.

NBC News on 14 Sept 2017 asks damning questions:

Quote:

When Congress hauls in Equifax CEO Richard Smith to grill him, it can start by asking why he put someone with degrees in music in charge of the company's data security.

And then they might also ask him if anyone at the company has been involved in efforts to cover up Susan Mauldin's lack of educational qualifications since the data breach became public.

... as soon as the Equifax data breach became public, someone began to scrub the internet of information about Mauldin.

qz.com also notes:

Quote:

[Equifax] did not disclose the hack until weeks after it was discovered, and it turned out that some of its executives have sold nearly $2 million in company stock before the announcement, raising concerns about insider trading. (The company says the executives weren't aware of the breach.

Really. Security for half of America and some 400,000 UK citizens were compromised? And top management did not know about it?

The breech was discovered on 29 July. After security sealed the hole, that breech continued the next day. So Equifax hired a cybersecurity firm, Mandiant, on 2 Aug. Then never told anyone that their entire financial security had been compromised until this week - six weeks later.

Also from NBC News:

Quote:

Equifax's apparent ignorance of standard security protocol doesn't even seem to be limited to its U.S.-based operations: Cybersecurity researcher Brian Krebs reported that an online tool used by Argentinian Equifax employees could be accessed just by typing "admin" as the login and password.

This is typical in any organization run by business school graduates. No different from those other business school graduates who intentionally put lead in Flint MI drinking water despite warnings from the people who know how the work gets done. Not one engineer said it was safe to launch space shuttle Challenger. So they launched it anyway. Even today, most do not even know that - foolishly believe it was an accident.

They only need do what the law requires. The product is irrelevant; only profits matter. Equifax successfully minimized costs. And so:

Quote:

With unfettered access, hackers would have been able to execute commands just like they were the administrators.

Anybody ask why we need immigrants? People educated in how the work gets done rather than in business school degrees. Too many Americans want to enrich themselves rather than build something productive. Other Americans are accessories after the fact - assume business school philosophies are acceptable.

Equifax will provide a credit monitoring service for anyone in America who has been compromised. That is half of America. But only for one year. Once that data is out there, your personal security is lost for decades. But Equifax will only protect you from their intentional mistake for one year. And only for free if you apply for their service in 30 days. Otherwise you must pay Equifax for that now required protection.

This is not just an information breech. Someone now has all information needed to identify about half of America's secret security people, military officers, intelligence agents (ie spies), and the staff of most every American security organization. All because business schools say anyone even with a music degree is sufficiently trained to do technical work.

Want to know why jobs get lost and incomes do not increase - except among business school graduates? This is another perfect example.