The theft of 500 million Yahoo accounts has triggered heightened security fears across all organizations that rely on technology to conduct business. Although the breach actually occurred in late 2014, it just became news recently after a hacker identifying himself as “Peace” claimed to be selling Yahoo user data online.
In September, Yahoo confirmed the cybersecurity breach, blaming it on a “state-sponsored actor,” an individual acting on behalf of a government. It is being called the largest data breach in history. The accounts hacked included names, email addresses, telephone numbers, dates of birth, hashed passwords, and in some cases security questions and answers. Fortunately, Yahoo does not believe that sensitive financial date like bank account numbers and credit card data were part of the heist.
The massive leak is only the latest in a series of hacks that have plagued companies storing sensitive user information, with no end in sight. It serves as a reminder of how widespread and easy hacking is today—easier than it ever has been according to Ari Schwartz, former senior director for cybersecurity for the Obama administration. “It’s easier to exploit than it is to defend,” he said of business data.
Repurcussions for the Internet pioneer, which has 52 million site visitors a day, include a tarnished reputation from the vast amount of negative press surrounding the incident, notification to users to change their passwords if they haven’t since 2014, and necessary cybersecurity improvements.
In addition, the giant media company is in the midst of an acquisition deal with Verizon. Prior to the breach, Yahoo’s market value was set at $4.8 billion. Verizon has reportedly now asked for a $1 billion discount, demonstrating first hand the devaluation that can result from a massive breach.
The total costs related to the hack will include legal costs and fines from the lawsuits that will ensue. On top of these obvious costs, Yahoo will incur expenses related to lost customer relationships and revenues, increased cost to raise debt, higher insurance premiums, and operational disruptions.
The possibility of such costly destruction as a result of failed cybersecurity protection is enough to cause any business leader to lose sleep worrying about his company’s data safety. The best way you can rest soundly at night is to assess the potential impact of a cybersecurity incident on your unique business and model your security investments accordingly.
When making hardware and software purchase decisions for your company, make sure each item comes with its own security guarantees. Communication solutions are a good example, as they transfer and store pertinent customer information. When vetting vendors, make sure they have taken every precaution to secure your communications. For example, Star2Star Communications places firewalls on all of its hardware. The company also continuously monitors its networks for any suspicious activity, as well as taking many other precautions.
Other features to look for include data encryption for on-premises hardware, anti-virus software, and customizable security reporting. Look for the maximum uptime guarantee available and a rich suite of disaster avoidance and recovery solutions to cover all your bases.
Remember, every business can protect itself against a cybersecurity breach. Make sure that your organization is particulary impregnable to hackers and they’ll move on to an easier target.