I have to admit to being a Star Wars fan and did enjoy the latest fix, Rogue One, where we saw how the plans for the Death Star were uncovered. These plans prove during later movies to be instrumental in moving the power back from the dark side.
There is a similar cyber battle going on in business. 2016 was a bad year for Yahoo!, one of the great pioneers of the internet. During September 2016, it reported that a security breach had affected over 500 million Yahoo! user accounts, the largest security breach ever to be reported publicly. But it turns out that this was just the beginning…
Yahoo! publicly reported the breach on September 22, 2016. When they began to investigate, they found that the account names and passwords for about 200 million Yahoo! accounts had been put up for sale on a darknet market site. Although Yahoo! had been aware of an intrusion into their network during 2014, they hadn’t understood the extent of the breach until then. Hackers had taken nearly 2 years before the 200 million account details were offered for sale and the information made public.
It was discovered that hackers had obtained data from over 500 million user accounts, including private information such as account names, email addresses, telephone numbers, dates of birth, hashed passwords, and in some cases, encrypted or unencrypted security questions and answers.
Also during the investigation, evidence was found of another breach from a darkweb seller who was offering to sell a list of more than one billion Yahoo! accounts in August 2015. It was found that similar data had been taken from these 1 billion user accounts, including unencrypted security questions and answers. Yahoo! reported this separate breach on December 14, 2016. In response, it forced all affected users to change their passwords and ensured that all security questions and answers were encrypted.
This information, especially security questions and answers, could help hackers break into victims' other online accounts. Experts advised that the incident could have far-reaching consequences involving privacy, potentially including finance and banking as well as personal information about people's lives.
How could this even happen to Yahoo!, a company that has been around as long as the internet has? It should have taken every precaution to protect the personal data that people had trusted the company with. Questions are being asked about ‘how over a billion users could have been compromised with such weak cyber defences’. The US Securities and Exchange Commission is investigating whether Yahoo! has complied with current filing requirements, and by November 9, 2016, 23 lawsuits had been filed against the company.
As if this wasn’t enough, Verizon Communications had approval to purchase Yahoo! for $4.8 billion in a deal that was set to close in March 2017. This deal was negotiated in July 2016, prior to the announcement of the breaches. Now, with the company’s reputation having ‘suffered online in the last few months’, a change in this deal to reflect the impact of these breaches seems inevitable.
The internet has come a long way since the pioneering days in January 1994 when Yahoo Inc. was founded. It has matured to become an essential, integral part of the infrastructure of any serious business today. We in business rely on keeping at least one step ahead of those on the dark side who see increasing value in our data and will stop at nothing to hack our systems and gain access. The speed of change on the cybersecurity frontline puts this topic high up on the agendas in corporate board rooms. You may not know when your systems have been breached, and you may not even be aware of what the consequences are if your defences have been breached. Yahoo! didn’t know for nearly 2 years. As leaders, we cannot be complacent about the consequences of a breach of our systems. To do nothing is not an option. It takes extra vigilance and specialist expertise to shore up our frontline and defeat the dark side.
Yahoo! may well survive what 2016 brought, but it has been dealt a nasty blow by the dark side. We can all thank them for an important lesson in cybersecurity.
May the force be with you
Michael posts on topics relating to organisational growth and excellence