Are we becoming apathetic to announcements that another big brand has lost sensitive data to attackers?
Are shock and awe being replaced by ‘ohs’ and ‘whatevs’? The full impact of the ‘largest data breach ever’ is still to be seen, with US senators accusing Yahoo of an ‘unacceptable delay’ in discovering the attack, in which 500 million accounts (that’s more than one account per inhabitant of the UK, Germany, USA and Canada all added together) were breached. It’s not just the sheer size of the breach that matters but also the delay in disclosing the details. In a statement last week (22nd Sept 2016), Yahoo said user information — including names, email addresses, telephone numbers, birth dates, encrypted passwords and, in some cases, security questions — was compromised in 2014.
Let’s put it in perspective
Perhaps it’s still too early and the furnace is still heating up, but there has been a sense of apathy following Yahoo’s announcement. Over the weekend a number of people I know with Yahoo accounts, all of whom confirmed and showed me the lovely email they got from the company, said that they changed their password and weren’t particularly worried about it. While the breach didn’t include plain-text passwords or credit card numbers, it did include personally identifiable information (PII), which could be used in a number of nefarious and personally damaging ways, including social engineering, identity theft and fraud. Yet this breach doesn’t seem to have provoked the magnitude of shock one might expect. Some comments I’ve heard were shocking in their own right, with some suggesting that Marissa Mayer’s appearance and position as a powerful woman in Silicon Valley may have had something to do with it, and comparing this with the witch hunt that Dido Harding faced when TalkTalk was breached a year ago.
- 157,000 TalkTalk accounts breached in 2015
- 500,000,000 Yahoo accounts breached 2014-2016
Given the numbers, shouldn’t we be a little more concerned about the Yahoo breach? I’m not saying that we necessarily need to be more than 3000 times more upset with Marissa than we were with Dido, but surely a little bit more than we are now.
The TalkTalk breach caused the company to lose 101,000 customers and £60 million. 3000 times that financial amount comes to £180 billion. Yahoo’s not likely to lose that amount, but the breach may very well still put the $4.8 billion deal with Verizon in jeopardy.