Following the news about the Yahoo data breach, Piers Wilson, Head of Product Management at Huntsman Security commented below.
Piers Wilson, Head of Product Management at Huntsman Security:
“The big worry with these attacks is not that they happen, or even the size; organisations are constantly under assault from constantly varying cyber threats with increasingly large ambitions. Rather, it is that they can take so long to detect, and for organisations to admit the issue and inform those potentially affected. Indeed, even with the Ponemon institute putting the average time to detect a breach at six months, a delay of almost two years between a breach occurring and the public finally being notified is exceptional. When attackers have the advantage over defenders, the ability to swiftly detect and react to threats has become critical.
“If a business can spot a potential attack quickly, it can quarantine the affected systems or users and minimise the risk before any serious damage is done or before information starts leaking. With most organisations facing a blizzard of real and perceived threats, security teams need to rapidly and automatically triage these to identify the real risks – taking time to manually sort through every alert is impossible.
“Once a threat is identified, the next steps are crucial. Businesses are increasingly judged on what actions they take in the wake of a breach. If a business is insured against the effects of a cyber-attack; can rapidly understand the nature and limit the exposure or loss; can swiftly inform customers, minimising any potential harm; and even compensate them for any damage/loss/fraud, it will find the attack much easier to recover from, especially in terms of its reputation.
“Conversely, when customers and the media learn of a data loss through the attacker going public, and then have to wait months or even years for more information from the target business itself, the consequences, whether those are reduced customer trust, or a massive drop in value, are more severe. Indeed, from being one of the major forces of the internet, Yahoo!’s final legacy may be as a bedtime story warning other organisations of the consequences of a poor response.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.