Top 5 Cybersecurity Incidents That Cost CISOs Their Jobs


The job of a CISO is insanely risky, as a failure may cost billions of dollars, though it is a lucrative career option. CISOs are usually discharged for not preventing cybersecurity threats. Instead of worrying about being discharged, CISOs should focus on how to learn from mistakes and where to build on them. Here are the top 5 cybersecurity incidents that cost CISOs their jobs. Aspiring CISOs ought not to fear reading about these security threats. These security incidents are lessons for the cyber community.

1. Capital One

Capital One, attacked by a former Amazon employee, expected to lose between $100 and $150 million. According to the announcement in July 2019, the attacker gained access to the personal information of over 100 million customers. Later, in November 2019, according to a report in the Wall Street Journal, Capital One displaced Michael Johnson, the firm's CISO.

2. Equifax

In 2017, Equifax was attacked via an unpatched customer complaint web portal. The attack ended up compromising customers' personal information (e.g., dates of birth, Social Security numbers and driver's license numbers). The attack ran for several months simply because it went undetected. The company attributed the attack to not being able to update a certificate on an internal security tool.

Several concerned authorities condemned the company for neglecting security and concluded that the attack was “entirely preventable”. Jun Ying, CIO of Equifax, was jailed for four months with a fine of $55,000 for insider trading, and the CISO of Equifax was later replaced by Russ Ayres.

3. Uber

In late 2017, Uber, a ride-hailing company, announced a data leak affecting its 57 million riders, which comprised data such as email addresses, phone numbers and driver's license numbers. The company acknowledged its negligence in the attack: it had not enabled multi-factor authentication in its systems. As a result, attackers got access to the company's private GitHub code repository. They also had access to the company's AWS S3, as the login credentials were easily available there. The breach took place over several months and Joe Sullivan, the CSO of Uber, was fired for two and a half years.

4. Target

The 2013 attack on Target is still talked about, as it was a successful supply chain attack. To take advantage of the low security of Target, the US retailer, attackers utilized Target’s payment details and hence stole the payment details of over 40 million customers. It happened during the Christmas period in 2013. The CIO, Beth Jacob, left Target soon after the attack, and the company appointed its first CISO, former GE CISO Brad Maiorino.

5. JP Morgan

Over 83 million accounts in the US were stolen from JP Morgan. These accounts hold personal data such as names, email and postal addresses, and phone numbers. The attack led to CSO Jim Cummings and CISO Greg Rattray being reassigned to new positions. Cummings was reassigned to work on the bank's military and veterans housing initiatives. Rattray was made head of global cyber partnerships and government strategy.

Feel free to add in the comments any cybersecurity incident you would like to see added that resulted in a CISO losing their job!
