Thales Blog

Lessons To Consider From Yahoo Voices Password Breach

July 23, 2012

It’s now a week since web giant Yahoo suffered a reported breach of its systems. Whilst the company has remained tight-lipped over the event, several sources cited hacking collective D33D as the perpetrators of the incident and stated that an SQL injection attack opened access to close to half a million unencrypted user passwords from a Yahoo web database.

The fact is, this isn’t the first large brand that we’ve seen fall victim to a security breach, and it won’t be the last. With every incident like this, organizations worldwide are reminded of the changing threat landscape and the need for IT infrastructure to keep pace. As such, the starting point shouldn’t be ‘if’ we get hacked, but ‘when’.

What each of these breaches tells us is that focusing on a defensive perimeter around a network will not keep, and is not keeping, the bad guys out anymore. Servers hold the crown jewels of enterprise information, such as databases, and organizations need to ensure the security and access control of that server data. For databases in particular, a combination of encryption and database activity monitoring (DAM) ensures organizations can rest assured that, no matter how or where data exists on systems or whose hands it falls into, the information remains secure.

How do you think organizations should be looking to address growing security concerns? Do you think that legislation is going far enough to encourage organizations to proactively defend against the problem? Share your thoughts here.