What have we learned from the Yahoo breach?

Oct 11, 2016 | 3 mins
Cyberattacks, Cybercrime, Data Breach

What level of preparedness is your organization able to perform today?


The recent data breach at Yahoo can be an eye-opener for many enterprises with respect to the devastating implications data breaches can have on an organization’s bottom line and its brand reputation. The massive Yahoo data breach pushed Verizon to ask for a $1 billion discount on the original acquisition of Yahoo while the deal is still in progress.

What have we learned from this or similar cybersecurity data breaches? And how much can a data breach cost an enterprise? According to the Ponemon Institute Study, the cost of a data breach varies by industry, and the average per capita cost was $221 in the US, with an average total organizational cost of $7.01 million. The more records that are lost, the more customers leave. In addition, post-breach response costs rise, including helpdesk activities, communications, investigation, remediation and legal expenditures, along with pressure from regulatory bodies intervening to review cybersecurity preparedness and identify the gaps that resulted in the successful data breach.

Yahoo’s data breach was reported once the stolen data records had already been put up for sale on the black market. And then, as usual, Yahoo recommended that its users change their passwords. The question remains unanswered as to why it took so long for an internet-savvy organization, believed to be leveraging the latest and greatest cutting-edge technologies, to prevent and detect the breach.

But this is exactly what happens whenever a cybersecurity breach surfaces. Given the sheer volume of data breach hacks, it’s highly likely that one or more hackers will penetrate an organization’s defenses. Keeping pace requires a strategy that further strengthens prevention, detection and comprehensive response processes, and a rethink of the nature of cybersecurity with a holistic approach in which cybersecurity is considered part of business objectives and a priority.

Are you prepared to minimize these skyrocketing data breaches? And what level of preparedness is your organization able to perform today?

According to the recent AT&T/IDC Global Cybersecurity readiness survey, there are four levels of security preparedness that companies can be at:

Progressive: This is the highest level of security readiness, in which C-level executives pay closer attention to security and invest in a holistic, comprehensive prevention and response strategy.

Proactive: Organizations with above-average levels of security readiness realize the importance of IT security and have put in place basic steps to avoid breaches.

Reactive: At organizations with below-average levels of security readiness, C-level executives pay moderate-to-little attention to security while delegating security expertise and day-to-day management to IT.

Passive: The least-prepared organizations are run by executives who take a hands-off stance. They tend to be unaware of most breaches and reactive in response to breaches they do detect.

The progressive organization represents the highest level of cybersecurity maturity, and these organizations share several key qualities that help them rise to the top when it comes to being prepared in today’s cybersecurity threat landscape. Their C-level executives understand that they are targets for cyber breaches, and this mindset enables them to take a more pragmatic approach to incident planning and response. These organizations are more likely to focus as much on readiness assessments and diagnosis planning as they do on post-breach diagnosis and response.

Moreover, these organizations perform near-constant security reviews and use third-party service providers to supplement the bandwidth of their internal security team as well as to bridge the skills gap. Such companies would exhibit better business outcomes, grow confidently and gain the highest level of customer confidence in the marketplace.


Ajay Kumar is an information security and risk management consultant with more than 15 years of experience in various industries. Ajay has predominantly worked on initiatives involving enterprise mobile security, cybersecurity, data protection and privacy, security operations, security analytics and identity and access management.

The opinions expressed in this blog are those of Ajay Kumar and do not necessarily represent those of IDG Communications Inc., or its parent, subsidiary or affiliated companies.
