Even two years after the Equifax data breach, which affected the personal data of 143 million Americans, damning details continue to emerge about the many missteps that the company (and far too many others) made, that lead to the data breach.
Personal information in the hands of hackers is a terrifying thought; worse, it could have easily been prevented.
In fact, with the right information in hand, savvy sales and marketing teams might have seen it coming. The story of the Equifax data breach can be found in our “Scoops”: New projects, financial events like new rounds of funding, new hires and C-suite moves, and other events and insider info uncovered by our team of 250 researchers. (Most Scoops are not available online or publicly available).
Because timing is such a critical part of sales success, this kind of information is called “opportunity data.”
The breach occurred due to a vulnerability caused by an Apache web application that had not been patched. Apache made users aware of the necessary patch in March of 2017, but Equifax did not address the flaw, which could have been prevented by a simple upgrade.
When we look at Equifax through the lens of our Scoops, we can see indications of vulnerability.
These insights demonstrate a pattern of executive departures in security-related roles – in the months leading up to the breach itself, and in the 1.5 months before it was publicly disclosed. The Scoops also show where Equifax could have invested in security solutions to avoid calamity.
Of course there is no way to predict with certainty when a security breach or hack will occur – or that it will happen at all. But keen sales and marketers can use Scoops to spot patterns that inform the timing of their pitch.
Vendors, take note. Scoops indicate a created need for investment in a solution. That might be your solution.
To illustrate a baseline of Scoops during an era without known security breaches, here’s an example of Equifax Scoops from June 2016:
How to decipher Scoops
Each Scoop contains an important piece of information, including:
- Decision-maker moves
- Hiring initiatives
- Spending initiatives
- Pain points (like a data breach)
- Information security, and more
These insights translate to actionable information in three ways: (1) management changes, (2) buyer pain points, and (3) spending trends and projects. We’ll conclude with a demonstration of how you can use this insider information to sell more.
Equifax is a great example. Looking back at the reported Scoops, we can see likely weaknesses and changes that could offer valuable leads for security vendors.
1. Management changes
When interpreting a management change, it is important to note whether a contact who is leaving has no current replacement, whether a new hire is replacing them, or whether a newly hired contact is entering into a newly created position.
This can be inferred based on the information in the Scoop. If there is no indication of a replacement, the position is probably vacant. Similarly, if the Scoop doesn’t mention a contact’s departure, it is probably a new position.
Why does this matter?
When looking at the personnel changes that took place in the four months prior to the Equifax hack, we see two departures and two openings. Both departures were contacts in senior level security roles, in this case Security Operations and Cyber Security.
There appeared to be no replacement:
This suggests that Equifax’s security department was not functioning with the necessary staffing, and that the stability of its security processes, including data security, were likely weakened as a result.
It is unclear as to how long this deficit has existed, but one can deduce that there was not been enough bandwidth to cover all of Equifax’s security needs, indicating a likely backlog of necessary security updates, lack of incident monitoring, or need for new enhanced security processes.
This is big a red flag, as security is a vital aspect of IT.
2. Addressing buyer Pain Points
A Scoop labeled as a Pain Point indicates an area where the IT department is having difficulty.
Whenever possible, Scoops indicate whether the organization is likely to spend to address this issue. Even when data about spending initiatives isn’t available, Pain Points themselves still contain valuable information.
For instance, when looking at the Equifax Pain Points reported prior to the hack, we can see the areas where the IT department is experiencing pain: Between February and March, we reported quite a few pains – which is not a sign of a well maintained and secure environment.
Equifax Pain Points were reported in the following areas:
- Monitoring critical data
- Database management
- Data governance and compliance
- Management of unstructured data
- Critical business applications
- Complexity within its applications portfolio
- Application release cycles
- Deploying applications to the cloud
- Lack of internal talent needed for big data projects, and finally
- Data security and compliance
One Pain Point by itself doesn’t indicate a serious problem.
But as the list grows, so does the probability that the IT department is in trouble. In this case, it’s obvious that there is concern related to the management and security of the company’s data.
For a company responsible for extremely personal information on half of all Americans, this is a huge problem.
We can conclude that Equifax was struggling with data management, its applications environment, staffing, big data, data security, and compliance.
For a great example of using Scoops to act on security breaches, see “Chipotle’s Big Burrito Breach – Malware with a Side of Chips”
We can also see that many of the daily operations involving Equifax’s applications environment are not running as expected. When critical issues like these begin to arise, the IT department may put aside necessary management and updates of other processes in order to solve these problems.
This very scenario could have led to Equifax’s negligence.
3. Spending trends and projects
These Scoops highlight areas where investment is currently taking place or will take place. Sending trends are often interconnected. For example, a project involving the migration of data to the cloud probably involves (or should involve) investment in cloud security and possibly data backup solutions.
If you sell security or data storage solutions, take note.
When looking at the Scoops reported by RainKing and DiscoverOrg in March, we see several new upcoming investments and ongoing areas of focus. (Perhaps one of our shrewd clients convinced Equifax to invest based on the pains reported just weeks ago.)
These reported initiatives indicate a variety of possibilities, such as the likelihood that the IT department may need additional staff or training to achieve newly stated goals surrounding security.
How can you use Scoops?
That is: How does this affect YOU?
We unpacked the value of each Scoop type. Now let’s see how we can use this information to your own advantage.
Consider what other areas may be affected that are relevant to your sales offering.
Management changes may indicate a need for additional support, particularly if it is a departure. Support may be needed not only in the contact’s area of responsibility, but possibly with daily operations. This is an opportunity to introduce your service to the company and position accordingly yourself when the organization is ready to invest. If the Scoop indicates a vacancy, it may be inferred that increased spending will take place in that area. This may allow you to reach out and position your service or product before competitors, as the investment has likely not yet started.
Through spending and project Scoops, we can deduce that additional resources in other areas may be necessary. It is certainly worth reaching out to a company offering a product or service that may assist inadvertently with a current or upcoming investment.
Pain-Point Scoops are a great way to get your foot in the door. When there is pain in one area, there is likely a lack of bandwidth in another. If the nature of the pains are critical to daily operations – like those reported on Equifax – we can assume that investment to solve these problems is necessary (queue your pitch). This is a great way to leverage solutions that alleviate complexity in the specific area of pain, or daily operations.
When you know how to look at the information reported by DiscoverOrg, you can reach out and connect with more companies, you can offer a timely, truly helpful response.