Learn about and apply the Identify function from the NIST Cybersecurity Framework to the Equifax data breach.
- [Instructor] Among other things, the Identify function requires a practitioner of reasonable cybersecurity to set their cybersecurity strategy based on their business environment, to understand and prioritize their cyber risks, and to have a good system to support operational risk decision-making. In the wake of the data breach, when consumers called Equifax to freeze their credit reports, each one was given a PIN to use to later unfreeze their file. Unfortunately, the PIN was based on the exact time of their phone call, but the PIN should've been randomly generated, which is the correct way to create PINs that are less likely to be guessed by an attacker in the future.
Based just on this one unreasonable practice, we can see that Equifax has not fully integrated proven cybersecurity practices into their operations.
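The PIN weakness described above, as an added example that is not part of the original transcript: it compares the guess space of a PIN derived from the call time with one drawn from a CSPRNG, and adds an audit check that flags issued PINs matching their own issue time. The ten-digit MMDDYYHHMM layout, the function names and the sample timestamp are assumptions made for illustration.

```python
import secrets
from datetime import datetime, timedelta

PIN_DIGITS = 10  # assumed PIN length for this example


def time_based_pin(call_time: datetime) -> str:
    """Weak scheme: the PIN is the call timestamp (assumed MMDDYYHHMM layout)."""
    return call_time.strftime("%m%d%y%H%M")


def random_pin(digits: int = PIN_DIGITS) -> str:
    """Corrected scheme: each digit comes from the OS CSPRNG; leading zeros kept."""
    return "".join(secrets.choice("0123456789") for _ in range(digits))


def time_based_candidates(window: timedelta) -> int:
    """Distinct PINs possible when the call is known to fall inside `window`."""
    return int(window.total_seconds() // 60)  # one candidate per minute


def random_candidates(digits: int = PIN_DIGITS) -> int:
    """Distinct PINs possible for a uniformly random PIN of this length."""
    return 10 ** digits


def is_derived_from_time(pin: str, issued_at: datetime, tolerance_min: int = 5) -> bool:
    """Audit check: does a stored PIN equal its own issue time, give or take a few minutes?"""
    base = issued_at.replace(second=0, microsecond=0)
    return any(
        time_based_pin(base + timedelta(minutes=delta)) == pin
        for delta in range(-tolerance_min, tolerance_min + 1)
    )


if __name__ == "__main__":
    issued = datetime(2017, 9, 8, 15, 30)  # constructed sample timestamp
    weak, strong = time_based_pin(issued), random_pin()
    print("time-based PIN:", weak, "flagged:", is_derived_from_time(weak, issued))
    print("random PIN:    ", strong, "flagged:", is_derived_from_time(strong, issued))
    print("guess space, call within 30 days:", time_based_candidates(timedelta(days=30)))
    print("guess space, random 10 digits:   ", random_candidates())
```

Running the audit check over PIN issuance records separates PINs that need reissuing from those already generated randomly.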