Printed from BusinessInsurance.com

Equifax data breach can’t be solved with money

Posted On: Oct. 10, 2017 10:58 AM CST

Equifax data breach can’t be solved with money

SAN DIEGO — Money will not be able to fix the Equifax Inc. data breach, says a cyber security expert.

Mark Lanterman, chief technology officer at Minnetonka, Minnesota-based Computer Forensic Services Inc., a digital forensics firm, said he was “very angry” about the breach at the Atlanta-based consumer credit reporting agency which impacted some 143 million.

When Target Corp. suffered a data beach in 2013, “you just canceled the card and no harm,” he said. “You moved on with your life. How do we move on with this?” he asked.

“Thirty years from now, you can be a victim of that breach,” said Mr. Lanterman, who was the keynote speaker at the 2017 CLM & Business Insurance Construction Conference in San Diego on Monday.

“We were all up in arms about Target. Target’s nothing compared to this Equifax breach,” he said, adding that all people can do is put a freeze on their credit reports.

“Money can’t fix this. Money can’t make this right, and it’s one of the few breaches I’ve seen that can’t be fixed with money,” he said.

Mr. Lanterman also discussed how connecting devices to the internet is a balancing act. “When we gain convenience, we lose some security, and whenever something is super secure, it’s not convenient, and nobody buys your stuff,” he said.

He gave separate examples of a town in Georgia and a wind turbine firm that would have allowed hackers ready access to their systems. The Georgia town, for instance, made it easy for a possible hacker to gain access to a water processing plant that could have resulted in flooding, and perhaps people getting hurt, because it would have hampered emergency services.

Had property been damaged or people hurt by the actions of a 13-year-old hacker who did not appreciate the severity of his actions, it would have been the city’s fault and it would have been the teenager’s fault, “but it’s also the manufacturer’s fault,” Mr. Lanterman said of the water plant’s manufacturer.

“We’re selling you stuff that’s really convenient, but not so secure. I think that we as manufacturers and vendors have an obligation that we need to have some security in mind when we’re making our products,” he said.

Mr. Lanterman also discussed the dark web, noting it was actually created by the U.S. Navy to anonymize the military’s action on the internet but then was leaked. The dark web is encrypted online content not indexed on conventional search engines that is often used for criminal activity.

“I think of the dark web as Tombstone, Arizona, circa 1850,” where criminals’ attitude is, “I’m going to do what I want. I can buy and sell anything, and you’re not going to stop me,” said Mr. Lanterman, He gave examples of passports, guns, drugs and credit cards for sale on the dark web.

Discussing credit cards in greater detail, he showed one website that offers criminal buyers a choice of cards from more than 14,000 banks and credit unions.

Criminals can also buy credit cards stolen from people who live in their community, so that their use does not arouse banks’ suspicions, which would occur if a credit card was suddenly being used in a strange geographical area, he said.