Yahoo Data Breach, Part 1: What Experts Say

It has been a few days since Yahoo confirmed a massive data breach, but we still know very little about what is being called the biggest hack in history. Who exactly was behind the attack? What precisely did the hackers obtain? We still have more questions than answers. The biggest question, though, is what lessons businesses should draw from this catastrophe. What should they do to avoid being next?

In this article we have gathered insights from our bloggers that can help companies avoid Yahoo’s mistakes.

What lessons should businesses take away from this data breach?

“Enterprises should spend time and money and use whatever resources are necessary to investigate cyber security incidents to minimize the potential impact to users. In Yahoo’s situation, most of the impacted accounts remained vulnerable for over 2 years.”

“What should companies do? They should never assume that their security is good enough. Personally, I believe in “hacking your site”. Always probe your own defenses and see what you can do to fix those weaknesses.”

“The most important lesson: encrypt everything. Everything. Especially personal information like names and dates of birth and security questions; not just passwords. Encrypt everything.”

“Developers and enterprises remember one thing – Hash and Salt!”
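The "hash and salt" advice above is the one point on this page that turns directly into code, so here is an added example of what it means in practice. This is illustrative code written for this article, not Yahoo's code and not anything the quoted blogger published. It contrasts the pattern to avoid (an unsalted MD5 digest, where every user with the same password gets the same digest) with a per-user random salt and an iterated key-derivation function (PBKDF2-HMAC-SHA256 from the Python standard library), a constant-time comparison on verification, and a transparent upgrade path for legacy records, which matters when accounts sit on an outdated scheme for years. The iteration count, salt length and the `name$iterations$salt$hash` record layout are assumptions chosen for the example, not parameters taken from the page.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Policy for newly stored credentials (assumed values for this example;
# raise ITERATIONS over time as hardware gets faster).
KDF_NAME = "pbkdf2_sha256"
ITERATIONS = 600_000
SALT_BYTES = 16
DKLEN = 32


def weak_unsalted_hash(password: str) -> str:
    """The pattern to avoid: one unsalted, fast digest per password.

    Two users who chose the same password get the same digest, so a single
    cracked or precomputed digest unlocks every account that shares it.
    """
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Salted, iterated hash encoded as a self-describing record.

    Record layout (assumed for this example): name$iterations$salt_hex$hash_hex.
    The salt is random per user, so equal passwords yield different records and
    a precomputed table for one salt is useless against any other user.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                             iterations, dklen=DKLEN)
    return f"{KDF_NAME}${iterations}${salt.hex()}${dk.hex()}"


def parse_record(record: str) -> Tuple[int, bytes, bytes]:
    """Split a stored record into (iterations, salt, expected_hash)."""
    name, iterations, salt_hex, hash_hex = record.split("$")
    if name != KDF_NAME:
        raise ValueError(f"unsupported KDF in stored record: {name!r}")
    return int(iterations), bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)


def verify_password(password: str, record: str) -> bool:
    """Recompute the derived key with the stored salt and parameters."""
    iterations, salt, expected = parse_record(record)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                    iterations, dklen=len(expected))
    # Constant-time comparison: verification time must not reveal how many
    # leading bytes of the candidate matched the stored hash.
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record: str) -> bool:
    """True when a stored record is below the current policy."""
    iterations, salt, _ = parse_record(record)
    return iterations < ITERATIONS or len(salt) < SALT_BYTES


def login_and_upgrade(password: str, record: str) -> Tuple[bool, str]:
    """Typical login path: verify first, then silently upgrade legacy records.

    The plaintext is only available at login, so that is the one moment a
    weak or outdated record can be replaced without forcing a reset.
    """
    if not verify_password(password, record):
        return False, record
    if needs_rehash(record):
        record = hash_password(password)
    return True, record


if __name__ == "__main__":
    # Constructed demo input, not data from any real breach.
    pw = "correct horse battery staple"
    print("unsalted md5 for two users, same password:",
          weak_unsalted_hash(pw) == weak_unsalted_hash(pw))   # True: linkable
    r1, r2 = hash_password(pw), hash_password(pw)
    print("salted records for two users differ:", r1 != r2)  # True
    print("verify correct / wrong:", verify_password(pw, r1),
          verify_password("wrong", r1))
    legacy = hash_password(pw, iterations=1_000)              # an old, weak record
    ok, upgraded = login_and_upgrade(pw, legacy)
    print("legacy needs rehash:", needs_rehash(legacy),
          "-> after login:", needs_rehash(upgraded))
```

The point a practitioner should take from this: the salt is not secret and is stored beside the hash; its job is to make every stored password a separate cracking target. The iteration count is what makes each target expensive, and storing it in the record is what lets you raise it later and migrate users as they log in.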

“Don’t trust that you haven’t been hacked – it took Yahoo 2 years to find this out.”

“Being the world’s biggest known cyber breach by far, the Yahoo hack gives lots of food for thought. First, standing in line with the OPM and Blue Cross data leaks, it indicates that breaches now have a more personal impact. Identity theft is on the rise, while credit card and financial data are no longer the favorite target for hackers. Second, Yahoo has shown an unacceptable indifference to clients’ interests, putting the company’s well-being above them. Holding back the report on data leak suspicions for two years is one of the worst management mistakes that Yahoo has made, at the cost of an unprecedented volume of personal data being irretrievable. While credit cards can be re-issued, the impact from privacy loss is long-lasting and has a higher risk of expansion, because the stolen Yahoo account information gives enough to extract the maximum value from it. Considering this, it’s likely that governments will continue working on regulations to impose stricter disclosure requirements and toughen the sentences for any organization that fails to protect personal data.”

Keep access to your sensitive data under control with Netwrix Auditor!

Netwrix Auditor lets you identify suspicious activity that might put data at risk at an early stage. It delivers security analytics about critical changes, configurations and data access in hybrid cloud IT environments and enables investigation of suspicious user behavior. The Interactive Search feature enables you to drill into the details, investigate the activity further and determine how to prevent similar incidents from occurring in the future.

Co-founder of Netwrix. Alex is a well-known expert in the enterprise software industry. He holds both a master's degree and a Ph.D. in information security. As an author, Alex covers Netwrix’s awards and nominations, as well as cybersecurity trends.