US companies aren't doing enough to secure their data, says infosec expert

Two Russian intelligence officers and two hackers are being charged with the 2014 Yahoo data breach that impacted at least 500 million users


US law officials on Wednesday announced that two Russian intelligence officers and two hackers were being charged with the 2014 Yahoo data breach that impacted at least 500 million users.

The hack targeted the accounts of Russian and U.S. officials, Russian journalists, and employees of financial services and other businesses, according to the Department of Justice.

Yahoo didn't reveal the breach until September last year. Just three months later, the Sunnyvale-based company admitted a separate hack in 2013 that affected one billion accounts, including some that were also infiltrated in 2014. Earlier this month, Yahoo announced its third breach of 32 million accounts that were accessed from 2015 to 2016.

"Corporations in general do not do enough to secure their data and mitigate breaches," cybersecurity expert and CEO of Route1 Tony Busseri told us Thursday. "This is largely because they have no motivation to do so, as they are quite simply not held accountable for security shortcomings. In contrast, the U.S. federal government has done a better job of implementing stringent cybersecurity requirements for its own civilian and defense agencies, but similar protocols have not been applied for corporate America."

Route1 is a US and Canada-based cybersecurity firm that protects user authentication and data for government agencies and businesses.

"Not enough has been done at the federal level to hold corporations accountable for their security failings," Busseri added. "I suggest that government and corporate entities work together to enact a security sea change, and deploy their collectively massive resources and influence. If enterprises are not held accountable for their security lapses, this change will never occur."

According to US officials, the Yahoo hackers took their time - delving deeper into the company's network over a period of months or years. This allowed them to create "skeleton keys" to "unlock" accounts and other email services.

Last year, worldwide spending on cybersecurity reached $81.6 billion. So, why do data breaches continue to occur?

"Employees often use their personal devices in a manner that risks data loss or leakage for the enterprise – in most cases inadvertently," Busseri explained. "Companies must therefore invest in technology solutions that allow their workforce to utilize their devices while eliminating the human risk factor."

Corporate data should never be stored on mobile devices, even if it's encrypted, Busseri advised. "Malicious parties can gain access to that sensitive information should the device fall into their hands. In other words, sensitive data stored on a personal device is vulnerable to theft."

Busseri is a strong advocate of two-factor authentication, which "validates user access through a combination of something they know, such as a password, and something they have, such as an enterprise-issued smart-card."

Passwords can be hacked, as proven by Yahoo's recently announced cookies breach.

"Passwords alone do not adequately restrict access to sensitive data by unauthorized parties," the CEO explained. "We have witnessed this through countless instances of stolen mobile device passwords being cracked by hackers, often resulting in massive data breaches."
