- Charles Hoff
I recently took a call from a reporter who was looking for a new angle to the massive Equifax breach. The fact that years ago I worked as Equifax’s senior vice president and international counsel and am now in the cybersecurity industry seemed to hold some allure.
Having dispensed with a long list of anticipated questions, there was a follow-up by the reporter: “Can Equifax survive this breach?”
The answer is yes, partially because Equifax has the financial and human resources to bounce back. However, it would be a much different answer if the question had pertained to a breached small business. Helping to form the cornerstone of the U.S. economy, small businesses make up 99.7 percent of U.S. employer firms. The 2016 State of Small and Medium Sized Business (SMB) Cybersecurity Report draws from prominent surveys to estimate that in the last 12 months alone, hackers breached half of these businesses.
What receives scant attention is that on a daily basis America’s 28 million small businesses and their consumers are engaged in a losing battle with hackers targeting what fraudsters consider to be the most vulnerable of targets. The results are devastating given the vast number of companies that fail to survive breaches, as well as the inordinate price that consumers pay in terms of time and money to restore their credit ratings and counter ID theft and fraud. Former SEC Commissioner Luis Aguilar wrote in a 2015 public statement, “Cybersecurity is clearly a concern that the entire business community shares, but it represents an especially pernicious threat to smaller businesses. The reason is simple: Small and midsize businesses are not just targets of cybercrime; they are its principal target.”
The dirty little secret among cybersecurity experts is that the overriding number of SMB data breaches can be easily avoided by implementing simple security measures and training.
These breaches have fostered a cottage industry in credit monitoring, notification and repair services as companies such as Equifax have appropriately profited from the countless unfortunate breaches of SMBs, along with the resulting effect on consumers.
Ironically, Equifax, through its own breach, is now uniquely positioned to leverage the resulting public forum to help stem the tide of this daily cyber onslaught. In fact, the key to Equifax’s redemption and ability to restore the public confidence may inextricably be linked to their willingness to give a helping hand by attacking the root causes.
What if Equifax added to its mission the objective of confronting head-on the national crisis we face regarding cybersecurity, by implementing educational initiatives to make SMBs aware of the practical steps to avoid breaches? If executed effectively, the company would be responsible for stemming countless business failures, saving jobs and preventing the public from needless cost and stress.
By being a vocal advocate and creating meaningful awareness programs, Equifax can become an integral part of the solution. Additionally, it can use its formidable influence to have industry leaders join the fight that has been so confounding to US government agencies seeking greater support from the private sector in the war on cybercrime.
Equifax can rebound strongly and regain public trust while showing how lessons learned from losing a cyber battle can ultimately help the larger American business community win the cyberwar.