BLACK HAT USA — Las Vegas — One of the main takeaways from major data breaches like the one at Equifax in September 2017 is that organizational culture is fundamental to a good security posture, said Jamil Farshchi, the credit monitoring bureau’s CISO, in a talk here today.
Farshchi was CISO at Home Depot when the breach at Equifax happened. He was hired at Equifax less than six months later and has been in charge of rebuilding the company’s beleaguered security program. It’s the same role he was called in to play at Home Depot following the 2014 data breach that exposed data on over 50 million payment cards.
“Equifax was meaningfully impacted right out of the gate,” Farshchi said. The company experienced a 40% loss in market cap in the immediate aftermath of the breach. It also lost its CEO, CIO, and CSO and had over $1.25 billion in incremental transformation costs. Recently, Equifax also agreed to pay $700 million to compensate victims of the breach.
Incidents like these tend to focus a lot of attention on the immediate causes and less so on the underlying, systemic issues, he said. At a Senate hearing on the Equifax breach, for instance, many of the questions that Farshchi received were focused on technical issues, such as the company’s patching processes, certificate management habits, and asset inventory-handling capabilities.
While all of the questions were meaningful and relevant, they did not touch on root-cause issues that often have to do with organizational culture and attitudes toward security, he said. “If you are looking at individual breaches, you are missing the bigger picture,” he said.
Farshchi said his experience has shown that five things are key to having an effective security organization. First, the head of security or the CISO needs to have the ability to influence and drive change as required across the entire enterprise. Second, this person also needs to be able to regularly interact with the board of directors and senior leadership on security strategies and direction.
The third big driver is economic incentive. The organizations that are doing well at security tie economic incentives to the effectiveness of the security program.
Farshchi identified the fourth and fifth key factors to security success as risk management and crisis management. Security teams that conduct regular crisis management exercises with executive leadership and the board are often better prepared to deal with an actual one, he noted.
Security organizations need to have the ability to identify meaningful risks, and security leaders need to have the conviction to escalate concerns even if doing so means halting or delaying a business initiative, he said. It is absolutely critical for security groups not to just identify an issue but to do something about it, Farshchi said.
He noted a new “say/do” motto within his own organization that emphasizes the idea that if you say something, you absolutely need to deliver on it. “Trust starts and end with you,” Farshchi said.
Related Content:
Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year … View Full Bio
More Insights
Like!! Really appreciate you sharing this blog post.Really thank you! Keep writing.
Perfect piece of work you have done, this web site is really cool with good info .
Thanks for revealing your ideas. Another thing is that individuals have a selection between national student loan as well as a private student loan where it’s easier to go for student loan debt consolidation reduction than through the federal student loan.
Wow, nice YouTube video on the topic of how to set up virtual directory, I fully got it. Thanks keep it up.
Thanks for giving your ideas on this blog. Additionally, a fairy tale regarding the finance institutions intentions while talking about home foreclosure is that the financial institution will not getreceive my installments. There is a certain quantity of time that the bank will take payments every now and then. If you are too deep inside the hole, they’ll commonly call that you pay the payment in full. However, i am not saying that they will have any sort of installments at all. When you and the traditional bank can seem to work some thing out, a foreclosure practice may halt. However, in the event you continue to miss payments in the new plan, the home foreclosure process can just pick up from where it left off.
Quality articles or reviews is the key to be a focus for the users to pay a quick visit the website, thatís what this site is providing.
I truly appreciate this post. I’ve been looking all over for this! Thank goodness I found it on Bing. You’ve made my day! Thx again
I got so bored in the present day afternoon, but while I watched this YouTube funny clip at this blog I turn into fresh and delighted as well.
If some one needs to be updated with latest technologies therefore he must be pay a visit this web site and be up to date every day.
What’s up, this weekend is fastidious designed for me, as this occasion i am reading this impressive educational article here at my residence.
This piece of writing on the topic of Search engine optimization is truly nice one, and the back links are in fact very valuable to market your web page, its also known as Search engine optimisation.
If you are going for finest contents like I do, only go to see this site all the time as it provides quality contents, thanks
Hello colleagues, fastidious post and nice urging commented here, I am genuinely enjoying by these.
I loved as much as you’ll receive carried out right here. The sketch is tasteful, your authored subject matter stylish. nonetheless, you command get bought an shakiness over that you wish be delivering the following. unwell unquestionably come further formerly again since exactly the same nearly very often inside case you shield this increase.
Thanks for your marvelous posting! I certainly enjoyed reading it, you happen to be a great author.I will always bookmark your blog and will come back from now on. I want to encourage yourself to continue your great work, have a nice day!
glad to be one of many visitants on this awful website : D.
Absolutely indited written content, Really enjoyed looking at.
some really interesting info , well written and broadly speaking user pleasant.
Hello, you used to write great articles, but the last several posts have been kinda boring… I miss your great posts. Past few posts are just a little out of track!
I additionally believe that mesothelioma cancer is a unusual form of cancer malignancy that is commonly found in people previously subjected to asbestos. Cancerous tissue form while in the mesothelium, which is a protecting lining that covers the vast majority of body’s body organs. These cells commonly form inside lining with the lungs, mid-section, or the sac which actually encircles the heart. Thanks for giving your ideas.
I like what you guys are up also. Such clever work and reporting! Carry on the superb works guys I’ve incorporated you guys to my blogroll. I think it will improve the value of my site 🙂
Very nice layout and excellent subject matter, hardly anything else we need : D.
Hi there colleagues, fastidious post and pleasant arguments commented at this place, I am actually enjoying by these.
Thanks for all your work on this web page. My niece take interest in carrying out research and it’s easy to understand why. We all learn all relating to the lively method you produce efficient techniques on the website and even inspire response from other individuals about this subject while our simple princess is actually discovering so much. Have fun with the rest of the new year. You have been performing a brilliant job.
It is appropriate time to make a few plans for the future and it is time to be happy. I have learn this submit and if I may I want to counsel you some fascinating issues or advice. Perhaps you can write subsequent articles referring to this article. I want to read even more things approximately it!
For newest information you have to pay a visit web and on the web I found this web page as a finest site for latest updates.
Fantastic goods from you, man. I’ve understand your stuff previous to and you are just extremely excellent. I actually like what you’ve acquired here, certainly like what you’re saying and the way in which you say it. You make it enjoyable and you still take care of to keep it sensible. I cant wait to read much more from you. This is actually a terrific web site.
Great post, I believe people should larn a lot from this blog its real user pleasant.
I also like Flash, however I am not a good designer to design a Flash, but I have computer software by witch a Flash is automatically produced and no more to work.
I always was interested in this topic and stock still am, regards for posting.
I would like to thank you for the efforts you’ve put in penning this blog. I’m hoping to view the same high-grade content from you later on as well. In fact, your creative writing abilities has motivated me to get my own website now 😉
Nice post. I used to be checking constantly this weblog and I am inspired! Very helpful info specially the ultimate section 🙂 I care for such info a lot. I used to be seeking this certain info for a very lengthy time. Thanks and best of luck.
Hi! Would you mind if I share your blog with my myspace group? There’s a lot of folks that I think would really enjoy your content. Please let me know. Cheers
Hurrah, thatís what I was exploring for, what a material! existing here at this weblog, thanks admin of this web site.
as I website possessor I think the content material here is really superb, thankyou for your efforts.
great points altogether, you simply gained a brand new reader. What would you suggest about your post that you made some days ago? Any positive?
One more thing I would like to convey is that as opposed to trying to match all your online degree programs on times that you complete work (since most people are fatigued when they come home), try to find most of your classes on the weekends and only one or two courses for weekdays, even if it means a little time away from your weekend. This is fantastic because on the weekends, you will be extra rested plus concentrated upon school work. Thanks for the different points I have realized from your website.
I am also commenting to let you know of the fine discovery my girl went through visiting your web site. She picked up lots of issues, including what it is like to possess a marvelous giving character to have others just know various advanced things. You truly exceeded readers’ expectations. Thanks for presenting these practical, trustworthy, informative not to mention easy thoughts on this topic to Jane.
The crux of your writing whilst appearing agreeable in the beginning, did not sit very well with me personally after some time. Somewhere within the paragraphs you managed to make me a believer unfortunately only for a while. I nevertheless have got a problem with your jumps in assumptions and one might do well to help fill in all those breaks. When you actually can accomplish that, I would surely end up being amazed.
I appreciate, cause I found exactly what I was looking for. You have ended my 4 day long hunt! God Bless you man. Have a nice day. Bye
I don’t normally comment but I gotta admit regards for the post on this special one : D.
Hiya, I’m really glad I have found this info. Nowadays bloggers publish only about gossips and net and this is actually annoying. A good website with exciting content, that’s what I need. Thank you for keeping this website, I will be visiting it. Do you do newsletters? Cant find it.
Have you ever thought about creating an ebook or guest authoring on other blogs? I have a blog based upon on the same topics you discuss and would love to have you share some stories/information. I know my viewers would appreciate your work. If you are even remotely interested, feel free to shoot me an e mail.
I’m really impressed with your writing skills and also with the layout on your weblog. Is this a paid theme or did you customize it yourself? Either way keep up the excellent quality writing, it’s rare to see a nice blog like this one nowadays..
Yup, you are accurate Google is the most excellent in favor of blogging, Googleís blog as well come up to fast in search engines too.
This actually answered my drawback, thanks!
I think this web site has got some really good information for everyone : D.
I always was concerned in this subject and still am, regards for posting.
Hi, I do believe your site could possibly be having internet browser compatibility issues. When I take a look at your site in Safari, it looks fine but when opening in I.E., it has some overlapping issues. I merely wanted to provide you with a quick heads up! Besides that, wonderful website!
Rattling clear web site, thanks for this post.
Wow, what a video it is! In fact nice feature video, the lesson given in this video is in fact informative.
Fine way of describing, and pleasant paragraph to obtain information regarding my presentation subject,
which i am going to deliver in school.
I was examining some of your posts on this site and I think this internet site is really informative ! Keep on posting.
This post is invaluable. How can I find out more?
What i don’t realize is actually how you’re not really much more well-liked than you might be now. You’re so intelligent. You realize therefore considerably relating to this subject, made me personally consider it from so many varied angles. Its like women and men aren’t fascinated unless it’s one thing to do with Lady gaga! Your own stuffs excellent. Always maintain it up!
buy cheap web traffic
http://ogtraffic.com – Click here>>>
I’m not that much of a internet reader to be honest but your
sites really nice, keep it up! I’ll go ahead and bookmark your site to come back later on. Cheers
Hi there! I just wanted to ask if you ever have any issues with hackers?
My last blog (wordpress) was hacked and I ended up losing many
months of hard work due to no backup. Do you have any methods to stop hackers?
Does your website have a contact page? I’m having problems locating it but,
I’d like to shoot you an email. I’ve got some creative ideas for your blog you might
be interested in hearing. Either way, great website and I look forward to
seeing it develop over time.