What this does is tell us that Equifax isn’t all that different than law firms. Sure, we want to make sure patches and updates are applied, we all have a time set aside to do exactly that on a regular basis.
We tell everyone when it’s time to do that, and during the updates certain systems will not be available, and people should expect to see some interruptions to email and other resources. We explain why it’s important to keep systems patched and updated, and firm management nods in agreement.
Then, when it comes time to actually do it.
But, but, but…..
There’s always some reason to put it off, some one who has to be able to work, and use that resource without interruption, etc. We tell ourselves that it’s just a little delay, no big deal, we’ll catch up with these patches during the next cycle.
Until we’re the next news story about a data breach.