Lessons from the Yahoo hacking


Posted on Monday, December 19, 2016

News that Yahoo! has been the victim of the world’s largest cybersecurity attack has sent shockwaves through the IT industry.

Over 1 billion user accounts are thought to have been compromised in what some commentators are suggesting was a state-sponsored attack. Embarrassingly, it has taken nearly three years for the breach to be discovered.

The vast majority of the compromised user accounts are thought to belong to individual consumers, but Yahoo! has not released many details about what was compromised, or how. Despite this lack of information, there are several lessons for enterprise-class businesses.

1. Encryption at rest is vital

Whether the stolen Yahoo! account data was hacked or not is irrelevant at this point. What is clear is that the stolen information was not encrypted. Everything taken by the hackers is openly readable – and therefore usable (or saleable).

Despite everyone’s best efforts, security defences are not invulnerable. Given enough time and resources – and potentially state backing – hackers will get in. This is why applying encryption at rest is just as important as deploying in-transit protections; if criminals get in, there’s nothing of value to take out.

2. Major cloud vendors are a cybercriminal magnet

Major service providers attract disproportionately high levels of attention from hackers because of the increased rewards available. With so many accounts and so much data concentrated in one place, investing time and effort into breaching a major provider makes good financial sense.

Businesses in the process of moving more of their infrastructure to the cloud may need to reconsider their choice of provider before committing further. Are large cloud set-ups like Amazon AWS, Microsoft Azure and Google sufficiently protected to keep your data secure? And do you have the right security provisions in place behind their firewalls?

It may be that the concentrated risk is too great, and an alternative on-site, software-defined private cloud is actually more secure, simply because it is less likely to be attacked.

Some good news

Perhaps the only good piece of news from the Yahoo! attack is the fact that none of the stolen account details have been published or sold on the dark net as yet. Obviously this could change at any moment – but it also means that a foreign state is probably in possession of the data instead.

