Last year, Yahoo! reported two major data breaches which were the largest data breaches the world had ever seen. The first breach occurred in 2014 and reportedly compromised more than 500 million accounts. The second breach Yahoo! reported, which happened back in 2013, compromised more than one billion user accounts. While data breaches can happen to anyone, the extent of damage in the Yahoo! case raised suspicions. How was it that so many user accounts easily got hacked, and why did it take so long before anyone knew what happened?
Now, it’s becoming clearer what actually led to such a disaster.
While many of us can sit and judge Yahoo! for its mistakes, there’s actually a lot your company should learn from the Yahoo! breach.
What Information was Leaked?
When a data breach happens, there’s no limit as to what the hackers can take. Whether you work in the payment card industry (PCI) or in healthcare, a customer’s information can be used to do all sorts of terrible things. In the case of the Yahoo! breach, although financial information was likely not taken, the hackers did get their hands on everything from names and email addresses to birthdates and encrypted security passwords. Obviously, this information can ultimately be used to obtain financial information.
Who Was to Blame?
With a record number of accounts compromised, it was only a matter of time before the higher-ups at Yahoo! started pointing fingers. After all, no one wants to take the blame in such a newsworthy situation. Ultimately, Yahoo Inc. directed attention to the executives for not taking appropriate action to investigate the breach, let alone take steps to try and prevent it from happening in the first place.
A review by Yahoo!’s board revealed some concerning truths. Supposedly, there was a complete disconnect in internal reporting and management, which was probably what allowed the hackers to slip through so easily and do so much damage. The consequences for the people held responsible were life-changing. One of Yahoo!’s lawyers stepped down, CEO Marissa Mayer didn’t receive her bonus, and needless to say, their stock went down dramatically. The FBI is currently investigating the details.
So, do you think Yahoo! was right in blaming their executives, even though it could have been an IT or internal problem? Actually, yes.
The Leaders of the Company are ALWAYS Responsible
There are a lot of things that can cause a data breach. And, a report done by the Online Trust Alliance (OTA) showed that over 90% of hacks in the first half of 2014 were preventable. Whether it was an outside hacker or an error on the staff’s part, that’s a pretty shocking number. So, when it comes to Yahoo!, why couldn’t they see it sooner?
Though we don’t know all the answers yet, it’s likely that the breakdown in communication allowed the hack to happen so easily, and more than once. No matter what the actual cause is, any time a data breach occurs, it’s always the responsibility of the company executive, in much the same way a captain needs to go down with his or her ship. This is why Yahoo!’s CEO had to take the blame and a pay cut as a consequence, which definitely could have been worse. At the end of the day, it’s the company executive’s responsibility to help prevent data breaches as best as possible.
Here’s How You Don’t End Up Like Yahoo!
You understand the responsibility you hold as an executive. That’s great. But you might be feeling overwhelmed with this responsibility, as data breaches can still occur even after taking the proper security measures. Don’t be alarmed. As long as you’re taking the steps to be cyber-compliant, you have security protocols for staff, and you make sure your systems are as secure as possible on a regular basis, you don’t have much to worry about!