Staying Ahead of the Evolving Cyber Risk Landscape
EQUIFAX BELIEVES THAT MORE COMMUNICATION, MORE COLLABORATION, AND MORE TRANSPARENCY EQUALS STRONGER SECURITY. In keeping with this philosophy, Jamil Farshchi, Executive Vice President and Chief Information Security Officer of Equifax, co-chaired the working group that produced a Bipartisan Policy Center Report on Top Cybersecurity Risks in 2023.
Farshchi joined The Briefing with Steve Scully on Sirius XM’s POTUS Politics to discuss the report’s findings — below are some insights from their exchange.
SCULLY: So what is the headline from this report?
FARSHCHI: The key takeaway — and the worrisome part for me — is that many of the risks that we highlighted have been around for a while. We as a collective ecosystem just have not made consistently the progress that we need to be able to mitigate these risks.
SCULLY: What, specifically, are the risks?
FARSHCHI:
Lack of Investment, Preparedness and Resilience
Overlapping and Conflicting Regulations
Evolving Geopolitical Environment
Lagging Corporate Governance
Accelerating Cyber Arms Race
Global Economic Headwinds
Vulnerable Infrastructure
Talent Scarcity
SCULLY: How does your company, Equifax, keep track of bad actors and defend against them?
FARSHCHI: We’ve spent $1.5 billion over the course of the past five years to transform our security and technology infrastructure. And because of those investments, we’ve become a leader in security.
In addition to those investments (and you’ll see this in the report in terms of top risks) governance is another core component. We make sure our board of directors has the insight to be able to provide the oversight and governance required for a well-functioning security organization.
SCULLY: What does the average American need to think about? What should concern them as individuals?
FARSHCHI: Individuals need to focus on some of the very core security basics. So, if you have sensitive data, if you’re using banking and financial services and so forth, use multifactor authentication. Make sure that you’re using complex passwords. And we need to put more pressure on vendors, to make sure that they’re actually building security into the products and services that we regularly consume.
SCULLY: What are the marching orders for the government and corporations?
FARSHCHI: Make the investments. Prioritize cybersecurity. And from a legislative perspective, help us build in laws that are going to motivate organizations to be able to do the right thing.
SCULLY: But I would imagine that’s going to be expensive?
FARSHCHI: It doesn’t have to be. Many of the controls are pretty basic. 99.9% of the attacks that we see that are successful go back to a handful of core controls that don’t require a tremendous amount of investment. We need the focus, and we need the prioritization, and I think we can get over the hump.
SCULLY: What’s the big looming question you have moving forward?
FARSHCHI: How much progress can we make as a group? We’ve been talking about this for a long time. Are we going to be able to pull together business interests, the consumers, the government, and collectively pull together to be able to win this fight?
For more information about cybersecurity at Equifax, check out the company’s 2022 Security Annual Report. Equifax also recently published its security and privacy controls framework — any team can now use it as a starting point to easily develop and utilize a framework based on their own organization’s unique needs.