“Lack of skilled developers” may have led to Equifax breach

By Michael McCaw | 20 September 2018

A market-wide lack of skilled developers could be the reason for hacks such as the one that led to consumer reporting agency Equifax being fined by the Information Commissioner’s Office (ICO), according to research by software intelligence firm CAST.

“The solution is not to rely on the ability to hire good developers so they write good software – there just aren’t enough skilled developers with whole-system vision to go around,” said Lev Lesokhin, SVP Strategy at CAST. “We need to take our most senior developers, have them design the architectures for data protection, and then ensure these architectural constructs are followed by the developer plebiscite with every build.”

Equifax has been fined £500,000 – the maximum fine available to the ICO before GDPR – for exposing 15 million customers in the UK. It is thought the breach came from the dark web.

Earlier this year, CAST inspected the security protocols of a collection of open source projects and found many were below industry standard security compliance targets.

A recent study by Stripe and Harris Poll found that 61% of C-suite executives believe that access to skilled developer talent is a bigger threat than access to talent. With many firms across the financial services sector seemingly making plans to move into blockchain, artificial intelligence, and machine learning, the technical talent shortage may soon be exacerbated.

Following the announcement of the fine, Equifax commented:

“We have received the Monetary Penalty Notice from the Information Commissioner’s Office (ICO) on Wednesday afternoon and are considering the detailed points made.

“Equifax has cooperated fully with the ICO throughout its investigation, and we are disappointed in the findings and the penalty.

“As the ICO makes clear in its report, Equifax has successfully implemented a broad range of measures to prevent the recurrence of such criminal incidents and it acknowledges the strengthened procedures which are now in effect.

“The criminal cyberattack against our US parent company last year was a pivotal moment for our company. We apologise again to any consumers who were put at risk.

“Data security and combatting criminal digital activity is an ongoing battle for all organisations that requires continued innovation and attention. We have acted and continue to act to make things right for consumers. They will always be our priority.”
