
Yahoo – biggest data breach ever

It is widely known that hackers target all companies, large or small. In social media and cloud storage terms, we’ve seen breaches at a range of businesses, including MySpace, LinkedIn, Dropbox and many more.

And now, as almost everyone must be aware, Yahoo has announced it has suffered the largest cyber breach in history. 500 million accounts have been accessed, of which 8 million relate to UK data. This is a particularly difficult issue for Yahoo, which, as announced in July, is close to finalising the £3.7bn deal to sell its core business to Verizon. The breach occurred two years ago, and there is significant speculation about why it has taken so long for the organisation to discover the breach (coincidentally also July 2016).

In July a hacker known as Peace was discovered selling the information of 200 million Yahoo accounts on the dark website Real Dark.  It wasn’t until then that Yahoo launched an investigation to see whether – and to what extent – they had been hacked.

It is troublesome, to say the least, that a company of Yahoo’s magnitude can be the victim of the largest cyber attack in the world … and simply not notice for two years. Under the upcoming EU General Data Protection Regulation, notification of such a breach to the Supervisory Authority is mandatory within 72 hours of discovery – which doesn’t really help when a company doesn’t discover the breach for such an extended period of time.

Generally speaking, it takes an average of between 98 and 191 days (over six months) to detect an intrusion, and it does beg the question … why?  Some sources report that there is simply too much data for the analysts to sift through to be able to immediately recognise the threat.  In addition, false alarms are common.

So to an extent it’s understandable that there would have been some delay in identifying the breach.  Almost all of us have had an occasion where the car alarm has gone off because of a gust of wind or a vast lorry getting too close. But you would expect that when someone steals your car’s wheels, its seats and the doors, you just might notice.

So what do we know about this breach?

500 million Yahoo users have had their names, email addresses, dates of birth, hashed passwords, telephone numbers and unencrypted security questions accessed. We also know that Verizon only found out two days before the knowledge of the breach was released to the public.

Now we’re all asking the question “Who’s behind it?” Yahoo believes it was a “state-sponsored actor”. So which state? The suspects so far are Russia (supposedly behind hackers Fancy Bears, who hacked WADA and released Olympians’ medical records to show what banned drugs they were taking for medical reasons); North Korea (suspected of being behind the hack on Sony after the film ‘The Interview’ showed its leader in a poor light); and China (which, despite denial, allegedly recently stole the fingerprints of 4 million Americans from The Office of Personnel Management). Alternatively, it could have been a lone wolf, as in the TalkTalk breach – TalkTalk too suspected a large corporation, but instead it turned out to be a teenager in his bedroom trying to make a few extra quid.

What we need to understand is that, unless companies invest the appropriate time, resource and money to protect their own and their customers’ data, they will continue to be wide open to breach.  In the UK only 51% of large businesses have followed half or more of the government’s 10 steps to cyber security.

So … if only half of us are consciously going to take action to attempt to prevent these breaches, is it any wonder that the hackers have it so easy?


Written by Charlotte Seymour, October 2016