Yahoo! data dump indicates need for web monitoring states Auriga

Yahoo! data dump indicates need for web monitoring states Auriga

Auriga, specialists in cyber security, technology and risk management, warned that the time taken between detection and response, as evidenced in the Yahoo! data breach, is creating an open window of compromise.

The Yahoo! data breach saw 500 million accounts compromised back in 2014 with the data then posted for sale on a dark web site called The Real Deal.

Yahoo! only discovered the breach after investigating a separate incident in August and chose not to disclose the breach for two months, creating a window of opportunity for hackers to sell on and exploit user credentials. The wider application of web monitoring solutions could help lessen this threat by closing the gap between detection and disclosure and diminishing returns for the malicious parties involved.

Organisations should be monitoring both the surface and deep web for indications of compromise. The deep web accounts for 96 percent of all web traffic and is not indexed by search engines effectively hiding it from view. The dark web is a subset of the deep web and comprises unregulated community sites, websites called .onions as well as black markets accessed via TOR anonymising software.

The threat posed by web data disclosure has been acknowledged by the Information Commissioner’s Office (ICO) which broke out cyber incidents for the first time in its data security incident trends analysis in June 2016. According to ICO figures, there were 50 cyber incidents during the first quarter of 2016 making this the fourth most common type of breach.

Of these, thirteen incidents were attributed to exfiltration ie the transfer of stolen data to another locale, while six were recorded where data had been detected on Pastebin. Monitoring legitimate surface sites such as Pastebin for evidence of corporate assets is a relatively simple way to increase vigilance and hackers will often use other surface web sites to publicise attacks such as in the case of the Ashley Madison attack which was announced over Reddit.

Detection and remediation of both surface and deep web sites is now possible using the next generation Security Operations Center (SOC). The Compass SOC can use various search critieria to monitor external networks such as references to company names, intellectual property and user credentials etc. but it can also factor in other variables. For instance, in the case of Yahoo!, the imminent merger with Verizon would have heightened the threat level to the company altering the search criteria. Following detection the organisation is then able to swiftly take action to minimise the effects of the attack, put security controls in place and inform and guide the user base.

Louise T. Dunne, CEO, Auriga said:

“The Yahoo! data breach joins the league of mega breaches such as Home Depot, Target and eBay all of which were tardy in both detecting and disclosing the compromise of user data. There has to be both more proactive external monitoring and better systems in place internally for communicating and acting on this information and that means using intelligent security solutions that are capable of policing networks and looking for indicators of anomalous or malicious activity. A next generation SOC is able to search those resources but crucially it also takes into account those business activities or geopolitical events that are going to have repercussions for the organisation, helping create a context-based search that really could shorten the timeframe between discovery and disclosure.”

[su_button url=”https://www.aurigaconsulting.com/” target=”blank” style=”flat” background=”#df2027″ color=”#ffffff” size=”10″ radius=”0″ icon=”icon: arrow-circle-right”]Click here to find out more about Auriga[/su_button]

Georgina Turner image

Georgina Turner

Sales Manager

Read the Latest Issue

Follow us on X

Follow us on X

Click Here

Follow us on LinkedIn

Follow us on LinkedIn

Click Here

Advertise here

Reach decision makers and amplify your marketing

Advertise here

Click Here

Related News

Graphic displaying a lockdown solution

Netgenium debuts next gen display and touchscreen technologies

Power-over-Ethernet (PoE) solutions specialist Netgenium will be showcasing its new range of IP…

ICT® Launches New TSL Access Reader Series

Integrated Control Technology (ICT®), a leading manufacturer of intelligent access control and…
Image Provided by Paxton

Paxton Partners with Skills for Security

The security technology manufacturer Paxton is proud to announce a partnership with Skills for Security…
Image Provided by ICT

ICT and Ingram Micro sign distribution agreement MEA

Integrated Control Technology (ICT), award-winning global manufacturer of intelligent electronic access control and security solutions..
Image Provided by Toshiba

Toshiba launches new HDD Innovation Lab

Toshiba Electronics Europe GmbH (Toshiba) has inaugurated a new HDD Innovation Laboratory (HDD Innovation Lab) at its site in Düsseldorf..
Image Provided by Verkada

Verkada Doubles Down on the Channel with Strategic New Hire

Verkada, a leader in cloud-based physical security, today announced the appointment of Micah Deriso as Head of Global Channel…
Image Provided by IPSA

IPSA Appoint Frontline Hero as Ambassador

Abdullah, the courageous security officer praised for foiling a horrific knife attack at Leicester Square, has been appointed as…
Image Provided by Codelocks

New Surface Latch from Codelocks

Codelocks is expanding its Gate Solutions by Codelocks range with the introduction of the new Codelocks’ Surface Latch…
Image provided by Genetec

Nicholas Smith to Lead Genetec UK and Ireland Operations

Genetec, provider of enterprise physical security software, announced the appointment of Nicholas Smith as its new Regional Sales Director…

News Desk

View all the latest, product, project and people news

News Desk

Click Here

Technology News

Keep up-to-date with the latest product innovation

Technology News

Click Here

Industry Sectors

Discover technology in action in all applications

Industry Sectors

Click Here

Enter The Awards

Showcase personal or organisation excellence

Advertise With Us

Reach decision makers and amplify your marketing

Advertise With Us

Click Here
Scroll to Top