‘Paranoid’ versus ‘Prepared’: identity key in navigating cyber security

By Kevin Cunningham, President and Co-Founder at SailPoint

Following the events that saw Yahoo! fall victim to the biggest cyber crime breach in history, questions immediately began to arise about why this was allowed to happen, how the hack would invariably affect day-to-day business and, more importantly, how the company would now navigate the pipeline of mergers and acquisitions it had in place.

From the off, potential partner Verizon revealed that its legal team had begun an investigation into the impact of the data leak and how this would affect its acquisition ambitions with Yahoo!. Sources believe this will be a long-term inquiry in which the company will trawl through the data sets to decipher whether this event will jeopardise the potential £3.8 billion deal.

It’s no surprise that a breach of this magnitude – 500 million identities compromised – will have a lasting impact. Large-scale breaches at LinkedIn and Dropbox in the past have had continued fallout. Dropbox was breached well over four years ago and only now is the true impact of that breach coming to light: nearly 70 million accounts were impacted. But for Yahoo! this breach could not have come at a worse time. If the Verizon acquisition does in fact fall through, this breach may well set a historic precedent around the importance of securing user identities.

Beyond the lasting business and reputational impact, it is essential to shine a light on some of the internal security practices that left Yahoo! vulnerable. According to a New York Times article, the company had taken a fairly lax approach to securing identities, a common problem that companies of all kinds face when there are too many priorities competing for attention. For example, Yahoo! did not enforce a strict password reset among employees. Having this internal control in place, among all users, would have minimised the overall impact of the breach.

While it might seem tempting to put security measures on the back burner in favour of more pressing initiatives that have visible short-term benefits to the business, the fact is that security awareness and internal controls can no longer be pushed to the side. In our current reality, where so many breaches are driven by improper user access, weak passwords, orphaned accounts, contractor access to sensitive systems – and the list goes on – security awareness is something that just cannot be deprioritised. The potential results of not prioritising such practices are simply too catastrophic.

So while I’m not of the mindset that we need to live in a world full of paranoia (the IT security team at Yahoo! was called ‘the Paranoids’), we do need to be prepared. Something as simple as strong password management policies, readily enforced, could save a company from a data breach: asking employees to make their passwords long and complex, unique to each application or system to which they have access, and to refresh each password at certain intervals throughout the year. Enforcing those policies doesn’t have to pit IT security teams against ‘them’ (the rest of the company); those policies can and should be embedded into the culture of the company as a means of preparedness. Just as you’d prepare for a family holiday abroad by making sure your doors and windows are secure, that your passport and other important identifying documents are packed safely in your carry-on, and that your car is locked before you walk into the airport terminal from the parking lot, planning ahead for a possible security breach is a means of preparing rather than a symptom of sheer paranoia.

The idea of embedding security into the culture of the company is something which businesses must take to their core moving forward. In today’s society where we hear of breaches almost every day, a robust security awareness training program is now crucial to engage employees in internal security policies. Instead of it being a cumbersome mandate, the goal should be to make security approachable, easy to understand for every employee and relatable to every person’s function within the team. Instead of security awareness being met with lots of eye rolling as just another ‘item’ to tick off the to-do list, it’s meant to be something the entire company can rally around versus our security team coming across as the paranoid few. Because, at the end of the day, it doesn’t matter which industry you are in, how well known your company brand is (or isn’t), how large or small your organisation is – no organisation is exempt from the possibility of a data breach. Taking the extra steps to make security awareness second nature for employees is just one step in the right direction for companies today. This step doesn’t make you a paranoid organisation, it makes you prepared.
