There really is no time to rest on your laurels in the fast-moving world of the Internet.
For example, Yahoo! was hacked in 2014. The beauty of online business is that the cloud pioneer was able to ‘scale up’ its breach almost instantly, sharing millions of our details with the criminals: names, email addresses, dates of birth, telephone numbers and encrypted passwords. Now, we Yahoo! account holders will simply have to re-examine everything we’ve ever done online since 2014. It really is that simple!
Being an agile company, Yahoo! was fast to react and within just two years of discovering the problem (yes, two years) it was able to act on this intelligence. Well, you can’t stand on ceremony in this business. You need to act at the speed of the cloud!
Incredibly, even in that short number of years, the security of some of us will have been compromised, according to John Bambenek, threat intelligence manager at Fidelis Cybersecurity.
“Email communication is not only insecure, it’s insecurable,” says Bambenek. “The more sensitive the information is, the more likely it shouldn’t be put into an email.”
I wish security companies were banging this drum a bit louder two years ago. There seems to be a lot of wisdom after the event.
Ian Trump, global security lead at LOGICnow, says his first response to Yahoo’s revelation was surprise that anyone uses Yahoo! anymore. Hang on, there’s billions of them.
Still, this Yahoo event has created a cracking business opportunity for the security service providers.
“I’ve said repeatedly that if you are not using two factor authentication for your cloud services, you will likely get breached,” says Trump. “Every time a large organisation with a treasure trove of unencrypted or poorly encrypted user IDs and passwords falls prey to hackers, it gives the impression, perhaps true, that the hosted services industry has a casual disregard for customer security.”
Yahoo’s billion active users will now be migrating to an alternative service such as Gmail or Outlook.com while Yahoo is in its death throes, Trump says. Is that going to be a case of out of the frying pan into the fire?
Rival vendors and security firms apart, the other main beneficiaries should be information officers. “Having the right Board composition is critical – and today that includes having a chief information security officer at the top table,” says Nathan Dornbrook, CTO at ECS Security Practice. Yahoo is a cautionary tale - there was no CISO on the Board.
Which company board members can predict how a DDoS attack is conducted or where the Darknet might be? Usually none, says Dornbrook, and yet these events can kill your company. As boards look at what happened to Yahoo! they may consider either promoting internally or getting a service provider on board.
“Fighting cyber crime will take more advice on regular password changing,” says Douglas Crawford, cyber security expert at BestVPN.com. But this breach is a gift, surely, for security service providers. “National Cyber Security Awareness month is a step in the right direction, but we’ve certainly got a long way to go,” says Crawford.