Maksim Kabakou - Fotolia

Channel can help customers answer the Yahoo questions

The disclosure of a major data breach at Yahoo puts the channel in a position to share advice and product recommendations with customers looking to avoid the same fate

There was a time when a high profile data breach like the latest one from Yahoo would have had the channel rubbing their hands in glee as it meant there was a chance to exploit the situation and use it to scare some customers into spending.

The days of selling security on a basis of fear, uncertainty and doubt (FUD) have largely disappeared and the shock of the headlines has worn off because these events are now so common.

There should be some mileage for the channel with the latest Yahoo breach because of the scale, with the personal details of up to 1bn accounts impacted, as well as the length of time the problem had been going on for, from around 2013.

The channel will get asked questions about the breach and how it occurred. Some of those same queries are being discussed right now in the industry.

“We all can learn from Yahoo!’s misfortune, teaching us how to preempt and react to [potential] breaches, because the tools are out there on the market to help. With Yahoo! being such a behemoth organisation, the question here is - did they invest in security and, if so, how did it go so wrong?," asked Alez Cruz-Farmer, vice president at NSFocus.

Out on the doorsteps the chances are that even if the details of the Yahoo breach are not recalled by the customer the overall sense of needing to do something about security will have been absorbed.

"Personally I believe the shock impact of these breaches has long gone, but what they are doing daily is subliminally making everyone more aware that they must take care of the data they handle, and that organisations need to step up to protect their digital assets," said Justine Cross, regional director at Watchful Software.

"Security has absolutely established itself as a board concern and I see budgets growing not declining. The fines and brand impact resulting from data breaches is continuing to grow,  and I have seen a big increase in organisations recognising the way they handle digital assets is not good enough. More companies are becoming aware that they need to put measures in place to help their employees understand how and why digital assets need protecting," she added.

In light of what has happened there are some obvious products and services that can be pitched, ranging from point products to suites designed to protect data.

Stressing the importance

The damage to reputation from a breach as well publicised as the Yahoo one means that resellers should be pushing senior management in their customers to take security seriously.

"No company is immune to the threats of cybercrime, and this should be yet another wake up call for businesses, pushing them to be prepared for when a breach will inevitably happen. It is imperative that companies ensure that they have a robust security system in place to mitigate these risks and to safeguard their data should a breach occur," said David Navin, head of corporate at Smoothwall.

“Unfortunately for everyone involved, this was likely the result of lapses in basic security hygiene and decision-makers who did not fully care or understand it. This isn’t something that should be tolerated in business," said John Madelin, CEO at RelianceACSN.

"I think C-Suite and board members around the business community will be following this very closely, and reconsider their approach to security in proportion to losses Yahoo will suffer," he added.

Breach detection

one of the aspects of the GDPR data protection regulations is for the need for firms suffering a breach to disclose it quickly so users can take steps to change passwords and avoid phising attacks.

The length of time that it took Yahoo is of grave concern to those that are familiar with the tools that can alert firms to a breach.

"It is vitally important to be able to detect a breach in a timely manner so as to either prevent the breach, to minimise the impact, or to forewarn users, customers, and shareholders so that steps can be taken to prevent being caught off guard," said Javvad Malik, security advocate at AlienVault.

"However, when a breach is disclosed after three years, it has almost zero value. The damage has been long done and people could have ended up victims without realising the source," he added "The lack of breach detection is extremely worrying, and should serve as a reminder to all organisations of all sizes that if you hold user data, you have a responsibility to secure it.”


The first thing anyone asks after a breach is disclosed is whether or not the data was encrypted. This latest case will again underline the need for firms to encrypt data.

Andrew Alston, UK director at Covata, said that if data was unencrypted then it would have consequences for users that would now have to change the passwords.

"While Yahoo has been quick to point out that the passwords accessed in this incident were hashed, the algorithm used – MD5 – doesn’t deliver the levels of security offered by adopting more advanced encryption technology that secures data in individual pieces rather than in large sets.  Simply put, MD5 just isn’t up to the task," he said.
“Yahoo admits that user security questions and answers have also been stolen, and that not all of this information was encrypted. This means hackers could conceivably know all the answers to the standard questions that so many online businesses – not just Yahoo – use to verify user identities.  If they know information such as your mother’s maiden name, the name of your first pet or your primary school, they can now use this information to access online accounts and potentially reset passwords," he added.

Behavioural monitoring

Unusual things can often point to problems and hackers and so one of the solutions that the channel should be able to pitch following the Yahoo breach is tools that monitor user behaviour.

"Whether the breach occurred due to an external actor breaking-in, or through a trusted third party, once the attacker has gained a foothold they effectively become an 'insider', able to traverse and access systems with impunity. As with any insider or trusted partner – if proper monitoring is not put in place, then security incidents like the one that happened over the weekend can occur quickly and without warning," said Dr Jamie Graves, CEO of ZoneFox.

"In order to identify and remedy the situation as fast as possible, businesses no matter how large or small, must ensure they have some form of behavioural monitoring solution in place at all times, to identify and combat any breaches and suspicious activity from staff and partners alike immediately," he added.

Read more on Data Protection Services