Equifax hack shows we need more regulation

So Equifax data for 143 million people was stolen. Many people have said, "How could they let this happen?" Part of the reason is, of course, the sophistication of hackers. In my career in IT I have worked for two major banks. I can tell you that the attacks are relentless.

But the bottom-line reason is that it is not about us. Because the credit bureaus, all of them, are not about us. They are all about selling information about us.

The best defense against hackers is constant and timely updates to security software as well as network and application software - both for business and personal devices. Equally and maybe more important, is the education of employees regarding security. Phishing is one of the most common methods of getting entry to systems - it's a way to get past firewalls and security filters. Everyone knows not to click on links when they are unsure of the source.

The people at Equifax should be and probably are aware of these best practices. So what happened? We don't know and may not ever know.

It is really, really expensive and very hard - requiring a lot of talent - to run an ultra-secure IT enterprise. So, based on my experience, I believe that Equifax outsourced all or part of their IT, thinking they would save money. In all probability, the service they outsourced was not as rigorously maintained as it should have been.

In the months and weeks just prior to the hack, Equifax was spending millions in lobbying money to get regulations on their industry rolled back. The consumer protection regulations that are about us.

In today's anti-regulatory political environment they might well have succeeded, except for the hack that proves we need more regulation rather than less.

Mike Kennedy

Lisle