Yahoo was the latest victim of cyber crime - it is the largest cyber attack of all time, with 500 million accounts compromised by what appears to be a state-sponsored actor. Yahoo announced late last week that the event occurred in 2014 and that it has found no evidence that the malicious actor is still in its network.
What Should You Do Now?
It’s all too common for people to use the same password for multiple sites, a practice that should never be followed. If you have a Yahoo account – change your password immediately, and change it on all other sites where you’ve used that password. Investigators are also advising consumers to update their security questions on the hacked site, as that information was likely compromised as well. Furthermore, even though Yahoo does not think payment card data and bank account information were stolen as a part of this cyber attack, it is recommended that you watch your accounts closely – especially if you’ve transferred that information via your Yahoo email account.
How Did This Happen?
Although specific details have not yet been released, the most likely contributing factor is a lack of proper security controls. Organizations must “prevent” intrusion at their perimeter, “detect” the intruder within the network if the perimeter is breached and “inspect” content using a security policy enforcement engine when a hacker attempts to export data following a cyber attack.
The question that I ask is – how did Yahoo not know they had been hacked two years ago, or were they just not being honest with their customers and shareholders? Most companies don’t figure out that an intruder is/was in their network for about six months, but to find out years later is an extreme lapse in security and audit protocol.
What Can Companies Do to Prevent This?
Surprisingly, the answer is relatively simple - Prevent-Detect-Inspect. Having a mindset around these three basic principles is key. Far too often companies get caught up in day-to-day operations and drift away from basic security principles such as these. The first priority should always be to prevent intruders from gaining access to your network and information, but because gaps do sometimes exist, detecting an intruder must be the second line of defense, followed by inspection of information that’s leaving your network. Security is all about layers of defense – the more you have, the more likely you will be to limit information loss.
How Does the Yahoo Breach Compare to Others?
This is the largest breach of all time - 500 million accounts were compromised. Not only will this affect Yahoo’s reputation with their customers and shareholders, it will also likely affect their pending $4.8 billion merger with Verizon. The graph below outlines some of the largest cyber attacks of all time dating back to 2004 with AOL.
Sources: The Telegraph, DataBreaches.net, Privacy Rights Clearinghouse
Security must be taken seriously – companies that lack controls and solutions will face the consequences by losing market share, revenue, customers, shareholders and mergers. We’ve been talking about cyber attacks for far too long without action and progress against cyber criminals – it is time to partner with a security vendor that will help you – Prevent, Detect & Inspect.