- Equifax appointed Jamil Farshchi, the former CISO of The Home Depot, to revamp its security strategy as its new CISO, the company announced Monday. In his role, Farshchi will be in charge of companywide security .
- A long-time CISO, Farshchi was brought on at The Home Depot in April 2015 following the company's 2014 data breach. At Equifax, he will report directly to the CEO as he works to transform the company's security program.
- Farshchi "has a reputation for helping enterprises rebuild and fortify information security programs," said Paulino do Rego Barros, Jr., interim Chief Executive Officer at Equifax, in a statement. His experience will allow the company to install industry best practices when designing and deploying security strategy.
One of the first high profile breaches, the compromise of The Home Depot's payment card system in 2014 forced the company to revamp its security strategy. The retailer had to pay at least $19.5 million to settle consumer lawsuits and was required to improve its data security efforts and bring on a new CISO.
Equifax is facing similar security mandates in the wake its breach, which sparked more than 240 lawsuits and launched numerous government investigations. The company is still working to understand the scope of the breach and has been without a full-time security chief since former CSO Susan Mauldin retired in September.
While Farshchi has a daunting task, his experience revamping a company's security portfolio following a breach will likely allow for a more streamlined process.
What's key for Equifax is to fully understand its networks and install a security strategy that can patch and respond to threats in a timely manner. With the amount of sensitive information the organization works with, threats are guaranteed. But if it can successfully revamp its security approach, the regulator spotlight may lessen.
Organizations across sectors are aware of and understand cybersecurity risks, particularly in light of highly-publicized failures. Detection, however, is still major challenge. When companies don't understand the full scope of a breach's impact, members of the C-suite tend to take reactive measures, which don't work to adequately improve cybersecurity efforts.