Equifax recently hosted its inaugural Customer Security Summit: a direct conversation between our company’s security and privacy leaders and several hundred customers of Equifax’s U.S. Information Services and Equifax Workforce Solutions business units.
Equifax Chief Executive Officer Mark Begor, Chief Information Security Officer Jamil Farshchi, Chief Privacy and Data Governance Officer Nick Oldham, and leaders throughout the company spoke about the evolution of our security program and gave an in-depth look at topics including access management, incident response, cloud security, data protection and privacy.
“When I joined Equifax in April 2018, it was about six months after our cyber event,” said Begor.
As part of Equifax’s business transformation, the company made a $1.5 billion investment to rebuild the security and technology capabilities across our platforms. We hired more than 1,000 new employees with highly-specialized skills in technology and security, and we opened a multi-million dollar Global Security Fusion Center that supports 24-7 detection and response capabilities.
“We also tripled the size of our audit team,” added Begor. “We have a dedicated technology audit team that is made up of both Equifax employees and third-party associates that are auditing our technology stack and our progress on security on a constant basis.”
As part of the Summit, customers heard first hand about...
How we effectively protect the cloud: “We baked security into the design… all the way from our application design to the networking infrastructure,” said Russ Ayres, SVP of Security Architecture and Engineering.
How our Cloud Assurance monitors key controls in real-time, all the time: “We have full traceability of when a control is communicated, implemented, and validated. This real-time security posture allows us to evaluate and assess control effectiveness and identify control gaps in our program constantly,” said Jerry Liu, VP of Global Enterprise Security.
Our continuous security education, training, and awareness approach: “One of our major achievements this year has been providing personalized security snapshots to each employee globally. This enables them to monitor their own security performance with clear actions to improve their score,” said Yinka Badmus, VP of Global Security Risk Operations.
Our data privacy controls framework: “We’ve adopted the NIST Cybersecurity and Privacy Framework to our environment and created a single, comprehensive control framework that is specifically tailored to our technological and regulatory requirements,” said Nick Oldham, Chief Privacy and Data Governance Officer.
Our global threat & vulnerability management strategy: “Our objective is to detect, understand, and mitigate threats before they affect Equifax, our partners, and consumers” said Adam Tice, SVP of Cyber Operations.
Key functions of our identity & access management program: “Multi-factor authentication is a top priority for our company. That’s why 100% of our remote network access is protected with multi-factor authentication, including our privileged assets that hold our most sensitive information,” said Ganesh Krishnakumar, SVP of Identity & Access Management.
Our physical security, investigations, and crisis management protocols: “We conduct tabletop exercises for cyber-related events, fraud-related events, natural disasters and outages, facility threats, and most recently, insider threats. We also employ artificial intelligence for some of our key locations so we can pick up on anomalies,” said Greg Baker, SVP of Physical Security and Investigations.