Could Yahoo!'s security breach indicate a larger issue?

By Sumit Modi

Last week, Yahoo! admitted that in 2014, a wide-scale cyber security breach occurred, affecting 500 million users.

 

The breach has only just been made public; names, phone numbers, e-mail addresses, and passwords were stolen in what may be the biggest public cyber security hack ever. No payment information was taken, but many are asking why Yahoo! has taken so long to recommend that users change their passwords, and the company's description of the incident as a ‘state-sponsored’ hack raises yet more questions.

Mark Skilton, a Professor of Practice at Warwick Business School and an expert on cyber security, said of the case:

"While it's not a surprise to hear the magnitude of users that have been corporate hacked - after all the rise of the digital business means everyone is more or less online these days - what is shocking is the date, 2014, and the sense of resignation that some may have to the event. This is far too late for professional cyber security risk management and certainly from the organisational practices inside a company like Yahoo! that one would expect. 

"The other factor is the legal impact for Yahoo! from the reputational impact and liability in losses for customers. This could yet be significant and a headache for Verizon in its planned imminent takeover of Yahoo!

"The lateness of the attack discovery, a whole two years, and the indication that it was a government state sponsored attack suggests both a highly professional stealth attack or perhaps some failure in basic perimeter monitoring by Yahoo!'s internal security practice.  

"Either way, serious questions on internal checking of data breaches must be addressed. There will be a significant internal review in Yahoo! and Verizon to develop a turnaround plan for this hack, but it also suggests a need for a stronger perhaps government and industry role needed to increase cyber protection in the light of the rise in more stealth attacks. 

"The infamous Russian bank stealth attack had a similar slow burn attack from an undetected stealth attack that resulted in an estimated 1 billion euro loss from several banks.

"This Yahoo! situation is not that level of financial loss, but the impact and rise of huge cyber-attacks will need stronger cyber responses."

 
