|
Former Yahoo CEO Marissa Mayer apologized today at the Senate Commerce, Science and Transportation hearing regarding massive data breaches at the internet company, blaming Russian agents. David Shepardson [reporting](http://www.reuters.com/article/us-usa-databreaches/former-yahoo-ceo-apologizes-for-data-breach-blames-russians-idUSKBN1D825V) in Reuters: “Verizon [which] acquired most of Yahoo Inc’s assets in June ... disclosed last month that a 2013 Yahoo data breach affected all 3 billion of its accounts, compared with an estimate of more than 1 billion disclosed in December. In March, federal prosecutors charged two Russian intelligence agents and two hackers with masterminding a 2014 theft of 500 million Yahoo accounts, the first time the U.S. government has criminally charged Russian spies for cyber crimes.”
Sponsored byCSC
Sponsored byDNIB.com
Sponsored byVerisign
Sponsored byRadix
Sponsored byWhoisXML API
Sponsored byIPv4.Global
Sponsored byVerisign
If you have ever raised or observed children, you already know that it is a very human thing to try to blame others. While Ms. Mayer has rightly apologized for the breaches at her former company during her watch, she also goes on to blame “the Russian agents for at least one of them”.
Perhaps one day my words may come back to haunt me, but as the President of a huge tech company, Ms. Mayer must also accept the blame for the very circumstances allowing these breaches to occur in the first place at her company. “Bad guys” have and always will exist, it is how we deal with them before and after attacks occur which matter most.
Though, depending upon the type and scope of information taken by the attackers, the fallout from this for Yahoo! and its users may actually be relatively small. Certainly not even close to the scope of the far more serious and far reaching Equifax breaches.
Even so, three billion IDs compromised in two data breaches seem far beyond the fault of simply the attacker. In this day and age of admiring Internet entrepreneurs who claim to have developed their now multi-billion dollar platforms “over a weekend”, these kinds of events will certainly not be the last we encounter.
Before blaming others for these breaches, we need to look inward. After the fact, we need to ask ourselves, was it a human failure, something our own code, standards we failed to implement properly (or at all), our business rule set or was it something else we did or could have prevented?
Ideally, those questions wouldn’t be as important if we work to address them proactively. Through properly understanding, implementing and routinely reviewing best practices, we can minimize the likelihood of these events ever occurring in the first place.
In the final analysis, we must embrace that in every profession, especially so in technology, experience and fundamentals always matter.