Inside Scoop: Learning from Equifax – How Sales Can Act on (and Anticipate) a Data Breach

Equifax, one of the three major credit card reporting companies, has certainly been through the ringer since a major data hack occurred, leaving 143 million American’s personal data at risk.

In the month since then, details of this breach (and far too many others) have made headlines, keeping cybersecurity top of mind for weary, wary consumers.

Having such sensitive information in the hands of hackers is a terrifying thought, but what makes it worse is that it could have easily been prevented.

With the right information in-hand, savvy sales pros and marketers might have seen it coming. Even now, we can find insights to better sell security products in a more timely and helpful way – both in response to Equifax, and in preparation for the next inevitable security breach.

The story can be found in our Buying Scoops and Triggers: These are planned projects, personnel movement, and events and insider info uncovered by our team of 250 researchers. (Most of this insight is not online or publicly available).

The breach occurred due to a vulnerability caused by an Apache web application that had not been patched. Apache made users aware of the necessary patch in March of 2017, but Equifax did not address the flaw, which could have been prevented by a simple upgrade.

DiscoverOrg's Triggers predicted Chipotle malware attack

See how DiscoverOrg Scoops predicted Chipotle’s recent data breach.

When we look at Equifax through the lens of our Scoops, we can see indications of vulnerability.

These insights demonstrate a pattern of executive departures in security-related roles – in the months leading up to the breach itself, and in the 1.5 months before it was publicly disclosed. The Scoops also show where Equifax could have invested in security solutions to avoid calamity.

Of course there is no way to predict with certainty when a security breach or hack will occur – or that it will happen at all. But keen sales and marketers can use Scoops to spot patterns that inform the timing of their pitch.

Vendors, take note. Scoops indicate a created need for investment in a solution. That might be your solution.

To illustrate a baseline of Scoops during an era without known security breaches, here’s an example of Equifax Scoops from June 2016:

Equifax Scoops Triggers data security breach

So how can YOU use these Scoops to leverage a product or service?

How to decipher Scoops

Each Scoop contains an important piece of information, including:

  • Decision-maker moves
  • Hiring initiatives
  • Earnings
  • Spending initiatives
  • Projects
  • Pain points (like a data breach)
  • Information security, and more

These insights translate to actionable information in three ways: (1) management changes, (2) buyer pain points, and (3) spending trends and projects. We’ll conclude with a demonstration of how you can use this insider information to sell more.

Equifax is a great example. Looking back at the reported Scoops, we can see likely weaknesses and changes that could offer valuable leads for security vendors.

1. Management changes

When interpreting a management change, it is important to note whether a contact who is leaving has no current replacement, whether a new hire is replacing them, or whether a newly hired contact is entering into a newly created position.

This can be inferred based on the information in the Scoop. If there is no indication of a replacement, the position is probably vacant. Similarly, if the Scoop doesn’t mention a contact’s departure, it is probably a new position.

Why does this matter?

When looking at the personnel changes that took place in the four months prior to the Equifax hack, we see two departures and two openings. Both departures were contacts in senior level security roles, in this case Security Operations and Cyber Security.

There appeared to be no replacement:

predicting a data security breach

This suggests that Equifax’s security department was not functioning with the necessary staffing, and that the stability of its security processes, including data security, were likely weakened as a result.

It is unclear as to how long this deficit has existed, but one can deduce that there was not been enough bandwidth to cover all of Equifax’s security needs, indicating a likely backlog of necessary security updates, lack of incident monitoring, or need for new enhanced security processes.

This is big a red flag, as security is a vital aspect of IT.

2. Addressing buyer Pain Points

A Scoop labeled as a Pain Point indicates an area where the IT department is having difficulty.

Whenever possible, Scoops indicate whether the organization is likely to spend to address this issue. Even when data about spending initiatives isn’t available, Pain Points themselves still contain valuable information.

For instance, when looking at the Equifax Pain Points reported prior to the hack, we can see the areas where the IT department is experiencing pain: Between February and March, we reported quite a few pains – which is not a sign of a well maintained and secure environment.

data security breach

Data security breach

Pain point data security breach

Equifax Pain Points were reported in the following areas:

  • Monitoring critical data
  • Database management
  • Data governance and compliance
  • Management of unstructured data
  • Critical business applications
  • Complexity within its applications portfolio
  • Application release cycles
  • Deploying applications to the cloud
  • Lack of internal talent needed for big data projects, and finally
  • Data security and compliance

One Pain Point by itself doesn’t indicate a serious problem.

But as the list grows, so does the probability that the IT department is in trouble. In this case, it’s obvious that there is concern related to the management and security of the company’s data.

For a company responsible for extremely personal information on half of all Americans, this is a huge problem.

We can conclude that Equifax was struggling with data management, its applications environment, staffing, big data, data security, and compliance.

For a great example of using Scoops to act on security breaches, see “Chipotle’s Big Burrito Breach – Malware with a Side of Chips”

We can also see that many of the daily operations involving Equifax’s applications environment are not running as expected. When critical issues like these begin to arise, the IT department may put aside necessary management and updates of other processes in order to solve these problems.

This very scenario could have led to Equifax’s negligence.

Get our ebook: Why Didn’t They Buy? A Deep-Dive into Buyer Preferences – and the Implications for Salespeople

3. Spending trends and projects

These Scoops highlight areas where investment is currently taking place or will take place. Sending trends are often interconnected. For example, a project involving the migration of data to the cloud probably involves (or should involve) investment in cloud security and possibly data backup solutions.

If you sell security or data storage solutions, take note.

When looking at the Scoops reported by RainKing and DiscoverOrg in March, we see several new upcoming investments and ongoing areas of focus. (Perhaps one of our shrewd clients convinced Equifax to invest based on the pains reported just weeks ago.)

These reported initiatives indicate a variety of possibilities, such as the likelihood that the IT department may need additional staff or training to achieve newly stated goals surrounding security.

Read it: Cold Voicemails Work … Just Not How You Expecteddata breach scoops triggers

How can you use Scoops?

That is: How does this affect YOU?

We unpacked the value of each Scoop type. Now let’s see how we can use this information to your own advantage.

Consider what other areas may be affected that are relevant to your sales offering.

Management changes may indicate a need for additional support, particularly if it is a departure. Support may be needed not only in the contact’s area of responsibility, but possibly with daily operations. This is an opportunity to introduce your service to the company and position accordingly yourself when the organization is ready to invest. If the Scoop indicates a vacancy, it may be inferred that increased spending will take place in that area. This may allow you to reach out and position your service or product before competitors, as the investment has likely not yet started.

A man opens a cold email not spamThrough spending and project Scoops, we can deduce that additional resources in other areas may be necessary. It is certainly worth reaching out to a company offering a product or service that may assist inadvertently with a current or upcoming investment.

Pain-Point Scoops are a great way to get your foot in the door. When there is pain in one area, there is likely a lack of bandwidth in another. If the nature of the pains are critical to daily operations – like those reported on Equifax – we can assume that investment to solve these problems is necessary (queue your pitch). This is a great way to leverage solutions that alleviate complexity in the specific area of pain, or daily operations.

When you know how to look at the information reported by DiscoverOrg, you can reach out and connect with more companies, you can offer a timely, truly helpful response.

For more information on how to approach buyers the way they want to be approached, grab a copy of our ebook.

Take a deep dive into buyer preferences - and the implications for salespeople.Download the Full Buyer Persona Study
Dorie Phillips

As a Research Manager Dorie Phillips focuses on maintaining and improving the processes used for gathering and ..read more