Could Yahoo!'s security breach indicate a larger issue?

By Sumit Modi

Last week, Yahoo! admitted that a wide-scale cyber security breach occurred in 2014, affecting 500 million users.

This issue has only just been made public; names, phone numbers, e-mail addresses, and passwords were stolen in what may be the biggest public cyber security hack ever. No payment information was taken, but many are asking why Yahoo! has taken so long to recommend that users change their passwords, and the company's description of the incident as a ‘state-sponsored’ hack raises yet more questions.

Mark Skilton, a Professor of Practice at Warwick Business School and an expert on cyber security, said of the case:

"While it's not a surprise to hear the magnitude of users that have been corporate hacked - after all the rise of the digital business means everyone is more or less online these days - what is shocking is the date, 2014, and the sense of resignation that some may have to the event. This is far too late for professional cyber security risk management and certainly from the organisational practices inside a company like Yahoo! that one would expect. 

"The other factor is the legal impact for Yahoo! from the reputational impact and liability in losses for customers. This could yet be significant and a headache for Verizon in its planned imminent takeover of Yahoo!

"The lateness of the attack discovery, a whole two years, and the indication that it was a government state sponsored attack suggests both a highly professional stealth attack or perhaps some failure in basic perimeter monitoring by Yahoo!'s internal security practice.  

"Either way, serious questions on internal checking of data breaches must be addressed. There will be a significant internal review in Yahoo! and Verizon to develop a turnaround plan for this hack, but it also suggests a need for a stronger perhaps government and industry role needed to increase cyber protection in the light of the rise in more stealth attacks. 

"The infamous Russian bank stealth attack had a similar slow burn attack from an undetected stealth attack that resulted in an estimated 1 billion euro loss from several banks.

"This Yahoo! situation is not that level of financial loss, but the impact and rise of huge cyber-attacks will need stronger cyber responses."

 
