"IU cybersecurity program chair Scott Shackelford says that's a stark contrast to the just-settled Equifax breach two years ago. which he calls "a case study in what not to do." He says the credit-reporting agency spent weeks downplaying the significance of the breach, then caught more flak by offering free credit monitoring only if customers agreed to take any legal claims to arbitration instead of the courts.
But Shackelford says the lone hacker charged in the Capital One case isn't typical either. Shackelford says all companies need to realize their adversaries are more likely to be a foreign government, with unlimited resources and unlimited time, and plan their defenses accordingly."