Posted: July 9th, 2021
It is very clear that cybercrime has grown and will continue to grow exponentially as technology advances. Avast, a computer security company, defines cybercrime as “any criminal activity carried out using computers or the internet” (Avast.com). Attackers achieve this in many ways, such as social engineering, viruses and all types of malware, among many others. As organisations and individuals continue to rely on digital technology to store their data and perform certain operations, criminals find new ways to perform malicious attacks and unauthorised operations with this information and technology. The Yahoo data breach is a perfect example of the implications of cybercrime for organisations, individuals and nations globally.
The most probable reason that Yahoo was a target for the assailants is the nature of email. Email is very widely used as a mode of communication. Whenever an email account is hacked, the attacker has the victim’s information, such as the address and telephone numbers, as well as sent and received messages that may be sensitive and confidential. If the attacker continues to have unauthorised access, he or she could continue to receive and send messages to other people without his or her activities being discovered. It is possible for an attacker to perform a financial operation with a victim’s account. This makes mail operators like Yahoo and Google a big target for hackers. When done on a large scale, as in this case, the data could be processed and used to make decisions that benefit the attacker. For instance, if an attacker got access to the mail of an entire organisation, it would be possible for him or her to anticipate its business moves and even sell its plans to competitors. It is also possible that Yahoo was targeted for its minimal information security measures. They only had a password and a security question for security, so it is possible that it was just not that difficult or tedious to hack the company.
Organisations often choose to keep quiet about data breaches, mostly to protect their business viability in the market (Janakiraman 2018). In Yahoo’s case, the users would feel that their information was no longer safe and opt to move to other mail providers. The company would lose a large number of clients as a result. While keeping quiet may seem like a viable option, it is not often the right decision. Yahoo realised that the information obtained by the hacker was on sale on the dark web, and that causes a lot of problems. The first and major one is that these users are unaware that their information has lost its confidentiality and will continue sending confidential and sensitive information using the same compromised email accounts. The second is that the public would eventually come to know about the breach, but from a source other than the company involved. These issues pushed Yahoo to disclose the breach, and with that it started to lose stock value, the faith of its customers and company value, with Verizon reducing the deal by $350 million.
The after-effects of a data breach are even more damaging than the theft of data itself. First are the financial impacts of the breach, such as compensating customers for what was stolen, if it had monetary value at all. Next are fines by government organisations set up to safeguard information that belongs to the public, as provided by the data protection regulation in most countries (Schuessler 2017). Lastly, there is reputational damage, which was the biggest effect on Yahoo after the breach. Their reputation was ruined and business deals were revised as a result.
There is a first and fundamental rule in information security: “digital information on the internet can never be a hundred per cent safe” (Priyadarshini 2019). Cybersecurity experts have to deal with this fact. They can only reduce the risk to a manageable level. It was possible for Yahoo to foresee some of the possible breaches that could arise from the services they provided to their clients, but there are plenty of parameters leading up to that. The major one is technology and its fast rate of change. A firewall that was effective last year might not be so effective this year, and yet every update and new installation raises the business overhead for the organisation. Another problem is that if the Yahoo system applied all kinds of security measures for their clients, operability would become even more complex. The functionality of digital information systems decreases as security increases (Priyadarshini 2019). So, yes, it was possible for Yahoo's security department to foresee a cyber incident, and yes, it was possible to avoid it, but that does not necessarily mean that the company would not have faced other problems with regard to the measures they undertook.
For senior management, the biggest lesson from the Yahoo data breach is to invest proper resources and time in cybersecurity. A proper cybersecurity team can monitor risks, identify breaches in time and give proper recommendations in the event of an attack. Information security should be part of the development of any information system and not just an afterthought when the entire process is complete (Kim 2016). Every employee needs to be properly trained in security, be it digital or manual, as anyone could become a part of social engineering by a malicious attacker.
Cybercrime will continue to be a nuisance to organisations globally. Cybersecurity experts need to be as good as the hackers themselves in order to prevent, stop or foresee attacks. Hackers invest a lot of resources to breach networks and applications, and organisations should give the same amount of resources to their information systems departments.
References
Avast.com. What is Cybercrime? Retrieved on 13th September 2019 from https://www.avast.com/c-cybercrime
Janakiraman, R., Lim, J. H., & Rishika, R. (2018). The effect of a data breach announcement on customer behaviour: Evidence from a multichannel retailer. Journal of Marketing, 82(2), 85-105.
Kim, D., & Solomon, M. G. (2016). Fundamentals of information systems security. Jones & Bartlett Learning.
Priyadarshini, I. (2019). Introduction on Cybersecurity. Cyber Security in Parallel and Distributed Computing: Concepts, Techniques, Applications and Case Studies, 1-37.
Schuessler, J. H., Nagy, D., Fulk, H. K., & Dearing, A. (2017). Data Breach Laws: Do They Work? Journal of Applied Security Research, 12(4), 512-524.