Following the recent news of the Yahoo! security breach, IT security experts from Kaspersky Lab and Gigya comment below.
David Emm, Principal Security Researcher at Kaspersky Lab:
“Customers that entrust private information to the care of a business should be safe in the knowledge it is kept in a secure manner. Whilst security solutions significantly mitigate the risk of a successful attack, there are also other measures businesses can take in order to provide thorough protection. These measures include running fully updated software, performing regular security audits on the website code and penetration testing the infrastructure. It’s crucial that businesses ensure that all passwords are protected using secure hashing and salting algorithms. The best way for organisations to combat these types of cyber-attacks is at the beginning: by having an effective cyber-security strategy in place before the company becomes a target.
“Consumers have no control over the security of their online providers. However, they can mitigate the risk of a security breach. We would recommend that everyone uses unique, complex passwords for all their online accounts. It’s a growing concern that many people use the same password and personal details across multiple online accounts, meaning if their details have been compromised by one attack they could find other accounts suffer too. We would also urge people to take advantage of two-factor authentication, where a provider offers this.”
Richard Lack, Managing Director at Gigya:
“The outcome for Yahoo could be disastrous. A pending acquisition of the company by Verizon Communications could be at risk. The FBI is investigating. And some security experts are advising people to stop using services such as Yahoo Mail. The biggest loss for Yahoo, in my view, is trust.
“In the online world, customers need to share their identity – email addresses, personal preferences, credit card numbers, etc. – to connect with the businesses that provide them goods and services. If customers can’t rely on a business to protect that data, then trust is lost. In other words, identity is the currency of trust.
“Yahoo undoubtedly could have done a better job of protecting customer data, but breaches can happen to anyone – there is no magic bullet in security, and no organisation should regard their infrastructure as impenetrable.
“Trust is earned in drips and lost in buckets. As the Yahoo hack dramatically illustrates, every business that wants to build online relationships needs to make protecting customer identity a priority – or risk losing trust in an instant.”