yesAdam JanofskyNone
×

Get access to Protocol

Will be used in accordance with our Privacy Policy

I’m already a subscriber
People

Equifax paints itself as a cybersecurity leader now

Nearly three years after its massive breach, Equifax says it has a lot to teach the industry. Will experts buy it?

Bryson Koehler, CTO of Equifax (left), and Jamil Farshchi, chief Information security officer at Equifax at the RSA Conference

Equifax is pitching itself as a bonafide leader in cybersecurity that others should follow.

Photo: Courtesy of Equifax

Yes, Equifax wants to talk about cybersecurity.

The credit reporting firm that suffered a colossal data breach in 2017 that exposed personal, sensitive data on 147 million people is making a deliberate effort to be front-and-center at this year's RSA conference in San Francisco. Executives from the company will be speaking on seven panels, and chief technology officer Bryson Koehler and chief information security officer Jamil Farshchi, delivered a joint keynote Monday afternoon.

Get what matters in tech, in your inbox every morning. Sign up for Source Code.

"We know we've been through something that few other organizations have, and we know we're taking a bold stand in our way of addressing it," Farshchi told Protocol in an interview before the event.

Unlike many of RSA's more than 40,000 attendees, Equifax isn't at the conference exclusively to learn. Instead, the company is pitching itself as a bonafide leader in cybersecurity that others should follow.

"Our goal is to say it's not just us, everyone is dealing with these threats, and the more we can share and the more we can teach you all, the better chance we have of being able to lift all boats in this space," Farshchi said.

Both Farshchi and Bryson Koehler said they're irked by the cybersecurity mistakes they see other companies make. One of them is "toolitis": the affliction of thinking that buying more tools will solve your problem," said Koehler.

"It happens all the time, it's so frustrating … people love the shiny toys and think whatever new tool is out there — artificial intelligence, blockchain applications — is going to solve all your problems," Farshchi said. "The solutions are staring you right in the face, and it's frustrating because we see so many folks in tech and security that aren't focused on what we think are the fundamentals."

Other common issues they see are companies that bolt cybersecurity solutions onto the organization instead of building them in from the beginning, and a lack of alignment between the cybersecurity team and the rest of the business.

"You'll find in every security organization out there the notion that it's two separate teams with different incentives marching towards different goals, but we ultimately should be striving toward the same thing," Farshchi said.

In addition to calling the company a leader in cybersecurity, the executives said Equifax has "best in class" patching practices and has a goal of making "the world a better, safer, more secure place"

This confidence may come off as puzzling to other professionals, said Ann Cleaveland, executive director of UC Berkeley's Center for Long-Term Cybersecurity. Companies rarely brag about being cybersecurity leaders because "it immediately paints a target on your back," she said.

Additionally, Cleaveland expects that many cybersecurity experts will be skeptical of the company's claims, given its history. "If their efforts now are genuinely about helping the industry learn from what they've learned, good for them," she said. "But a lot of people are going to see it as marketing."

In their Monday keynote, Koehler seemed to expect some doubt, inviting audience members' toughest assessments during a Q&A. But most of the questions were largely technical.

Farshchi and Koehler argue that there are plenty of reasons to take them seriously. Few security teams have dealt with an incident like the one they experienced, so there's a lot of lessons to be learned from the recovery efforts, they say.

Federal prosecutors said earlier this month that Chinese military hackers were behind the breach in 2017 that compromised personal data including names, birth dates and Social Security numbers of 145 million Americans. The hackers were also able to steal drivers license numbers for at least 10 million Americans, and credit card details for 200,000 Americans.

The attackers were able to access the data by exploiting a software vulnerability in Equifax's online dispute portal. A patch for the vulnerability had existed for months, but Equifax did not implement it. A 67-page investigation report from a Senate panel last March blamed the incident on Equifax's negligence.

The company has made huge cybersecurity investments and changes since the breach to reassure shareholders, customers and employees that it won't make the same mistakes twice.

The company has hired about 1,000 technology and cybersecurity specialists since the breach and committed $1.25 billion to security improvements, Farshchi said. The company's leadership has also changed. The company's CEO Richard Smith and several technology chiefs left the company in the weeks after the breach was announced. Both Farshchi and Koehler were hired in 2018, from Home Depot and IBM, respectively. Equifax changed its reporting line so that Farshchi and his team reports directly to CEO Mark Begor. They've also focused on making all employees feel responsible for cybersecurity by adding things like security measures that tie into employee bonuses.

Koehler said he's had to dismiss groups and replace about a quarter of his team for not taking security policies seriously. "We've had to break some glass to change and shift," he said.

Farshchi said he hopes that these efforts can serve as an example to the broader cybersecurity industry.

"I can't think of any other company that has been as forward-facing as Equifax has been. …" he said. "The ultimate goal [for us at RSA] isn't a self-serving one. It's really to try to help the security industry and all the companies trying to defend themselves against all the attackers hitting them every day."

People

Google’s trying to build a more inclusive, less chaotic future of work

Javier Soltero, the VP of Workspace at Google, said time management is everything.

With everyone working in new places, Google believes time management is everything.

Image: Google

Javier Soltero was still pretty new to the G Suite team when the pandemic hit. Pretty quickly, everything about Google's hugely popular suite of work tools seemed to change. (It's not even called G Suite anymore, but rather Workspace.) And Soltero had to both guide his team through a new way of working and help them build the tools to guide billions of Workspace users.

This week, Soltero and his team announced a number of new Workspace features designed to help people manage their time, collaborate and get stuff done more effectively. It offered new tools for frontline workers to communicate better, more hardware for hybrid meetings, lots of Assistant and Calendar features to make planning easier and a picture-in-picture mode so people could be on Meet calls without really having to pay attention.

Keep Reading Show less
David Pierce

David Pierce ( @pierce) is Protocol's editor at large. Prior to joining Protocol, he was a columnist at The Wall Street Journal, a senior writer with Wired, and deputy editor at The Verge. He owns all the phones.

Sponsored Content

The future of computing at the edge: an interview with Intel’s Tom Lantzsch

An interview with Tom Lantzsch, SVP and GM, Internet of Things Group at Intel

An interview with Tom Lantzsch

Senior Vice President and General Manager of the Internet of Things Group (IoT) at Intel Corporation

Edge computing had been on the rise in the last 18 months – and accelerated amid the need for new applications to solve challenges created by the Covid-19 pandemic. Tom Lantzsch, Senior Vice President and General Manager of the Internet of Things Group (IoT) at Intel Corp., thinks there are more innovations to come – and wants technology leaders to think equally about data and the algorithms as critical differentiators.

In his role at Intel, Lantzsch leads the worldwide group of solutions architects across IoT market segments, including retail, banking, hospitality, education, industrial, transportation, smart cities and healthcare. And he's seen first-hand how artificial intelligence run at the edge can have a big impact on customers' success.

Protocol sat down with Lantzsch to talk about the challenges faced by companies seeking to move from the cloud to the edge; some of the surprising ways that Intel has found to help customers and the next big breakthrough in this space.

What are the biggest trends you are seeing with edge computing and IoT?

A few years ago, there was a notion that the edge was going to be a simplistic model, where we were going to have everything connected up into the cloud and all the compute was going to happen in the cloud. At Intel, we had a bit of a contrarian view. We thought much of the interesting compute was going to happen closer to where data was created. And we believed, at that time, that camera technology was going to be the driving force – that just the sheer amount of content that was created would be overwhelming to ship to the cloud – so we'd have to do compute at the edge. A few years later – that hypothesis is in action and we're seeing edge compute happen in a big way.

Keep Reading Show less
Saul Hudson
Saul Hudson has a deep knowledge of creating brand voice identity, especially in understanding and targeting messages in cutting-edge technologies. He enjoys commissioning, editing, writing, and business development, in helping companies to build passionate audiences and accelerate their growth. Hudson has reported from more than 30 countries, from war zones to boardrooms to presidential palaces. He has led multinational, multi-lingual teams and managed operations for hundreds of journalists. Hudson is a Managing Partner at Angle42, a strategic communications consultancy.
Protocol | China

Here’s who has the ear of China’s most active cyber regulator

Alibaba and Huawei are dominating — while other big companies like ByteDance are sitting on the sidelines.

TC260's proposed standards have influence throughout Chinese government.

Image: Yuichiro Chino/Getty Images

Protocol | China tracks major Chinese standards and regulations with the power to affect your business.

China's economy is projected to be the world's largest by 2028, and Beijing is betting heavily on the power of technology to get it there. But China needs to build and sustain public trust in tech platforms if it wants a future with smart cities that run on the cloud, wide adoption of digital currency and increasing reliance on electronic devices that collect vast amounts of personal data. So it's hastily assembling a regulatory framework, and the organization doing much of this building is the National Information Security Standardization Technical Committee (also known as Technical Committee 260 or TC260). Despite its wonky name, it wields extraordinary power over Chinese cyberspace; as of December, it has issued more than 300 standards related to information security and cybersecurity, and it has about 700 more in the works.

Keep Reading Show less
Clara Wang

Clara Wang is a Researcher - Data Scientist for Protocol | China. Previously, she worked as a data scientist for the Biden campaign and at Civis Analytics, and she spent a summer working for the John L. Thornton China Center at the Brookings Institution. She has conducted research on data privacy, misinformation, and information control in the digital age, and she is completing her Master's in Economics at the Yenching Academy program at Peking University.

Transforming 2021

Blockchain, QR codes and your phone: the race to build vaccine passports

Digital verification systems could give people the freedom to work and travel. Here's how they could actually happen.

One day, you might not need to carry that physical passport around, either.

Photo: CommonPass

There will come a time, hopefully in the near future, when you'll feel comfortable getting on a plane again. You might even stop at the lounge at the airport, head to the regional office when you land and maybe even see a concert that evening. This seemingly distant reality will depend upon vaccine rollouts continuing on schedule, an open-sourced digital verification system and, amazingly, the blockchain.

Several countries around the world have begun to prepare for what comes after vaccinations. Swaths of the population will be vaccinated before others, but that hasn't stopped industries decimated by the pandemic from pioneering ways to get some people back to work and play. One of the most promising efforts is the idea of a "vaccine passport," which would allow individuals to show proof that they've been vaccinated against COVID-19 in a way that could be verified by businesses to allow them to travel, work or relax in public without a great fear of spreading the virus.

Keep Reading Show less
Mike Murphy

Mike Murphy ( @mcwm) is the director of special projects at Protocol, focusing on the industries being rapidly upended by technology and the companies disrupting incumbents. Previously, Mike was the technology editor at Quartz, where he frequently wrote on robotics, artificial intelligence, and consumer electronics.

Protocol | Enterprise

Don’t worry about the cybersecurity fallout of the Capitol breach

Members of Congress can't access classified information on their work computers, and the chances that Wednesday's mob contained a few moonlighting cyberspies are slim.

Any lasting cybersecurity damage from the breach is likely to be limited.

Photo: Louis Velazquez/Unsplash

Among the disasters that visited Capitol Hill on Wednesday, the fact that the people who infiltrated Congressional offices had unfettered access to IT assets for several hours ranks rather low.

One of the most iconic images of Wednesday's events was a picture of the home screen of Speaker Nancy Pelosi's office computer, abandoned in haste after a mob broke into the Capitol building, forcing Congress and staffers to retreat to safer locations. By design, nothing on Pelosi's computer was classified: Members of Congress have to enter a protected area room in the building to view secret documents, as you'll recall from last year's impeachment proceedings when several House Republicans stormed into such a room in protest because they were denied access to documents their leaders could access.

Keep Reading Show less
Tom Krazit

Tom Krazit ( @tomkrazit) is a senior reporter at Protocol, covering cloud computing and enterprise technology out of the Pacific Northwest. He has written and edited stories about the technology industry for almost two decades for publications such as IDG, CNET, paidContent, and GeekWire. He has written and edited stories about the technology industry for almost two decades for publications such as IDG, CNET and paidContent, and served as executive editor of Gigaom and Structure.

Latest Stories