Risk and Compliance Blog

Yahoo - A Data Security Nightmare

Written by Joe Boyhan | Mar 7, 2017 4:29:01 PM

 

Last week, Yahoo Inc’s CEO Marissa Mayer agreed to forgo her cash bonus, reportedly as part of the latest fallout from the 2014 Yahoo data breaches. The decision was reached after an independent committee found that senior executives “mishandled” the breach. It was also reported that Yahoo’s top lawyer, Ronald Bell, resigned following the review.

These developments only add to the hangover that Yahoo has faced following last year’s revelations that over 1 billion user accounts had been hacked in two separate security breaches. Yahoo’s handling of the breaches has drawn much criticism, which apparently prompted the recent review.

The cost associated with these breaches is in the hundreds of millions. While it is hard to put a price on the loss of consumer trust in the Yahoo brand, it is easier to measure the reported $350 million reduction in purchase price that Verizon have offered in the wake of the data breaches.

These breaches are a prime example of the high cost associated with an IT breach. Companies are sometimes reluctant to spend on IT and Data Security when budgets are tight. We can all appreciate that investment in IT and Data Security cannot be directly correlated to an increase in revenue in the same way as an increase in marketing or sales budgets. This would appear to have been the case at Yahoo, where it is reported that the security team’s requests for increased spend were regularly rejected. Ironically, the Yahoo security team were purportedly referred to internally as ‘The Paranoids’. It was also reported that ‘The Paranoids’ routinely moved to work in security for other tech giants such as Facebook and Google.

One silver lining from these breaches is the hope that they will act as a wake-up call to the boardroom and encourage management to recognize the importance of IT and Data Security. While spending on security may not provide an immediate return on investment, the potential ramifications of poor practice and under-investment could be very damaging to the organization. In this case, it has resulted in hundreds of millions wiped from the investors’ shareholding due to the reduced purchase price, a loss in consumer confidence, a decline in users, and a drop in share price.

Is your organization secure? Read our recent blog post on the Top 25 Most Common Passwords of 2016.
