Lessons from Yahoo Data Breach Debacle: How to Block Breaches and Minimize Their Damage


While Denial of Service (DoS) attacks and disabling malware are IT nightmares, what really keeps IT pros (and the execs they report to) up at night are data breaches. And that means a lot of restless nights. These breaches are growing in number and impact.

If you have any doubt, look at what just happened to Yahoo! This December, the tech giant disclosed that over 1 billion accounts were compromised. The crazy thing is this hack happened some three years ago! And hackers gained a treasure trove: customer names, birthdays, phone numbers, as well as their encrypted passwords and encrypted security questions, which serve as a second layer of authentication.

These breaches are scary, but even more terrifying is the unknown. Did you know that many breaches are never discovered, and the victim doesn’t know that thieves have, and have probably sold, confidential data? In relatively better circumstances, the breach is only discovered months after it occurs, after the damage is done. After all, it took tech-savvy Yahoo! close to three years to discover its massive hack.

Dealing with the Aftermath

Most IT organizations, and the corporate staffs they report to, are not trained in proper data breach recovery protocols. In fact, in many cases companies react all wrong, or so argues a crisis management expert who spoke at the Unintended Consequences: Impacts of the Internet of Things (IoT) & Big Data conference.

“I am going to ask you to throw away every rule of crisis management you have ever known, as we explore how cybercrime is rewriting the crisis management rule book,” said Davia Temin, CEO of Temin and Company in the conference’s keynote address. The most dramatic revelation: admit to customers that you have a problem.

This last point may seem counterintuitive to some who’d rather the problem just disappears. After all, the publicity about breaches can be crushing to corporate reputations. The good news is now corporate management is pushing IT to be on the offense ― be more proactive in blocking breaches ― and hold IT more accountable when the bad guys bust through.

How you handle a breach can either further tarnish or actually burnish your reputation. If customers fall victim to your breach, such as having their confidential data stolen (and maybe used against them), they are going to find out – there are legal obligations to inform them. And expect them to be, shall we say, displeased. Understand this and minimize the anger by being as transparent and responsive as possible.

Tell them what happened as soon as possible, how it happened (as much as you know or can disclose due to concerns about future hacks), the customer impact, and most importantly, what you are doing to make things better. This approach will help save your reputation, while having the breach notification come from a press report can help destroy it.

Notifying customers also means being upfront with the media, as much as that may hurt.

Challenges Finding a Breach

We mentioned earlier how long it can take to discover a breach. Unlike malware, which shows its face immediately, a data breach usually involves the theft of data, which can be done quietly. In fact, hackers don’t want you to know they have your credit card or confidential data while they are busy trying to sell it or otherwise exploit what they’ve stolen.

Here’s the bad news. According to the Ponemon Institute, it takes the victim an average of 256 days to find out they’ve been had.

Insider Breaches Even Harder to Find

While outside hacks can be tough to find, the nefarious work of insiders is more vexing. In these cases, there is no actual network breach – just a breach of your data from inside the network.

There are several reasons why insider-based breaches are so prevalent. For one, it is easier for insiders to access confidential data. Two, they know where the important stuff lies. And three, employees often have an ax to grind – passed over for a promotion, hate their boss, or are otherwise angry. And they are key targets for those conducting corporate espionage looking for that perfect mole.

There is also insider negligence. According to the Ponemon study: “Forty-seven percent of incidents involve a malicious or criminal attack, 25 percent concern a negligent employee or contractor (human factor), and 29 percent involve system glitches that include both IT and business process failures.”

CompTIA also sees the human equation. It found that 52% of breaches are due to human error, which included falling victim to social engineering.

The answer? Treat your employees with as much caution as you would an outsider. By employees, we mean all employees. Management and IT staff are key sources of insider breaches. That means being careful about who gets admin and other top-end privileges, and who can access what. It also means having a way of tracking, auditing and reporting on who does what on the network. At the same time, train employees to resist social engineering, phishing and other attacks.

Wait! There’s More

While it seems odd that more copies of your data can protect against breaches, in some cases it can. That’s because not all breaches are about stealing data – some are about holding it hostage. Ransomware is one such technique. While largely aimed at consumers, ransomware can and does target SMBs. Here your data is essentially locked up so you can’t reach it, and access is only granted after you’ve paid off the hacker. Having multi-tier backup means you can still operate, even if a hacker has locked up one copy of your data – and avoid the cost and irritation of paying a ransom.

Breach Costs Rising

The costs of data breaches are rising dramatically as these attacks become more effective, stealing more data in a single swipe. While most of the research focuses on the costs to enterprises, these lessons apply to SMBs as well.

The Ponemon study found that on average it costs an enterprise $3.8 million to clean up after a data breach, and these costs have risen 23 percent in recent years.

While it may not cost an SMB nearly $4 million for their breach, SMBs are more vulnerable to attack, with fewer layers of security. So while the price tag may be smaller, the consequences can be far larger.

Kaseya VSA Offers Strong SMB Protection

Kaseya VSA is an IT system and endpoint management solution. VSA can increase device uptime, performance and security. VSA supports remote management and securing of your devices through a single console – the elusive single pane of glass.

With Kaseya VSA, IT pros can also harden their systems against outside attacks and better monitor suspicious behaviors:

  • Perform patch management. The easiest PCs to attack are those that aren’t patched.
  • Maintain and run antivirus/anti-malware tools. Malware is still the number one way systems are compromised. Up-to-date antivirus/anti-malware is the best line of defense.
  • Discover, audit, inventory and monitor clients, servers and the network. This way, IT staff knows they have full visibility into their network and all attached devices, as well as real-time status on all operating details for these devices. Any issues or deviations from normal operating conditions can be identified by VSA, with proper remediation deployed and/or alerts sent to IT staff.

The great news is that all these benefits can be automated, based on predefined policies that you set and manage according to your business’ needs. For example, patch updates can be automatically downloaded and installed based on predefined patch policies and schedules that minimize network impact. This saves IT time and money, and ensures that these processes happen on schedule.

Learn more about Kaseya VSA here, or get a free trial.

AuthAnvil Multi-Factor Authentication

To help block breaches, Kaseya AuthAnvil provides two- and multi-factor authentication – as well as the ability to encrypt all user passwords and the data as it is transmitted.

There are two other layers of authentication protection. AuthAnvil includes single sign-on (SSO), which makes it easier for end users to log on securely to multiple services. And password management enforces key requirements such as strong passwords, frequently changed passwords, and decommissioning a password when an employee leaves.

To learn about Kaseya AuthAnvil Multi-Factor Authentication: Click Here
For details on Kaseya AuthAnvil Single Sign-On: Click Here

Posted by Doug Barney
Doug Barney was the founding editor of Redmond Magazine, Redmond Channel Partner, Redmond Developer News and Virtualization Review. Doug also served as Executive Editor of Network World, Editor in Chief of AmigaWorld, and Editor in Chief of Network Computing.
