Yahoo shows its lack of awareness in terms of correct handling of cyber attacks

Comment by Sergej Schlotthauer, CEO of EgoSecure

The fatal attack at Yahoo is an example of poor management of data leakage. Sufficient measures were not taken since the ailing internet giant has been focussing on other seemingly important issues for years. It has come to a successful attack, but it´s not clarified sufficiently and Yahoo tries not to take the issue into the public.

At the same time, Yahoo has not managed to turn the corner businesswise and is faced with a hostile takeover. But since one has made strategic mistakes in the security architecture and IT security topics had at no point been valued properly, the takeover also threatens to fail. The Yahoo brand has taken severe damage and continues to lose market value due to the headlines about data loss.

More prudence in planning and development of  own security architecture

Loss of personal information one should never ignore and hide unnecessarily. Due to the new EU privacy policy regulation (GDPR), organizations are even obliged to inform the person concerned. Infringements are subject to heavy fines of up to 4 percent of annual sales.

Trends like BYOD or migration to the cloud open up new attack ways. Companies have responded to this by always buying new security solutions. Over the years many IT departments were overloaded with tools and security alarms. Therefore, it is no surprise that there are a lot of security solution providers from around the world in the market.

In the long term, of course, this leads to problems for companies. Therefore, a down-to-earth and solid planning is important. Security officers should look behind the facade of advertising and marketing offers and determine their individual expectations of their own security architecture. The requirements are constantly changing, yet long-term development with the right security partner is indispensable. At the same time internal mechanisms have to work after each attack or in the discovery of an attack to reduce the chance of a future cybercriminal attack.

The GDPR is just one example of new legislation relating to the protection of digital information. The changing threat landscape leads to many new policies and compliance requirements. Companies are under pressure and need to enforce appropriate policies. That is why security architectures must be coordinated, otherwise a hedge is very troublesome. Although individual security solutions often seem innovative, they were often developed for another issue or do not comply with the regulations in the German market.

Conclusion

Many organizations see new regulations in the area of cyber security as a burden. However rethinking and more awareness is urgently needed because the concealment of data break-ins is not a solution.

Many motorcyclists have complained about the introduction of the helmet law in 1976 in the Federal Republic of Germany. Here, the step was urgently needed, since studies have shown an increasing number of deaths. The shift in consciousness goes so far as today most cyclists wear helmets also without legal compulsion. Practice has shown that rapid progress with better security mechanisms is feasible – this also applies to IT security.