COMPROMISED, YET AGAIN!
The recent news that 1 billion Yahoo accounts were compromised marks the biggest breach in the company's infamous history. It throws up completely unpalatable questions both for users and for the regulatory mechanism. With every subsequent breach the new normal is pushed further, and this has been happening with alarming regularity. Cyber security happens to be the single biggest threat we face, given our total dependence on digital technology.
Firstly, the hack pertains to the year 2013 and has only just been made public. Research puts the average breach-to-detection time at 210 days. The company does not disclose exactly when the intrusion became known. The user accounts remained compromised for this long period of time, with consequences that cannot now be accounted for.
Secondly, the detection took place only on the basis of information provided by law enforcement. What is the nature of security that cannot detect a breach, let alone prevent it? Strangely enough, this breach might be related to the theft of Yahoo!’s proprietary code. It seems to be a free-for-all.
Thirdly, email access provides access to a lot of personal information, so this cannot be treated as an innocuous breach, as the numbers tend to imply.
Fourthly, the response of companies does not seem to be in place, judged either by the increasing threat surface area demonstrated by the recent attacks or by their capability at stock-taking by way of security audits.
Fifthly, end-to-end encryption is still a long way off. Unencrypted data is the biggest curse, as is being proved again and again.
RESPONSIBILITY & ACCOUNTABILITY HAVE TO BE LEGALLY FIXED TO IMPROVE THE CYBER SECURITY ECOSYSTEM.