Yahoo: One Billion Exposed

There were one billion accounts compromised in the latest Yahoo breach, disclosed just this past week. This represents the largest data breach in history. The largest to date, prior to that? The previous Yahoo breach, disclosed in September, which impacted 500 million users. With numbers so high, it’s easy to become desensitized, forgetting that behind these numbers are real people, with important, sensitive, often critical, data suddenly exposed and free for the taking.  With each breach that hits headlines, there’s always a key takeaway to bear in mind, particularly for enterprises who have a lot to lose if breached.

What this latest breach disclosure by Yahoo underscores is an interesting trend where hackers are breaching user accounts, not necessarily to infiltrate corporate networks and applications, but to grab highly sensitive data hiding in email and other unstructured file stores. Think about all of the highly sensitive files that could be lurking in these breached Yahoo email accounts: incredibly sensitive tax or financial statements, personal healthcare data, even banking or credit card information.

And that’s what hackers are after today: sensitive data that is ripe for the taking. With analysts estimating that unstructured data comprises 80% of all enterprise data today, this is an incredibly big challenge for companies today who lack proper visibility into the data stored there. Not only do companies struggle to understand what data even lives in these unstructured data stores, but because hackers often steal copies, it’s sometimes impossible to know what data was even taken. And, even if you identify and stop an attack, the data is still in the hands of the bad guys.

What this means is that in 2017, not only will we see even more attacks targeting data stored in unstructured systems, but that it is critical that identity becomes the focal point for securing data stored in both corporate systems and unstructured databases, emails and files stores. Understanding who has access to your data, and how they are using that data is critical – no matter if that data lives in a corporate application or system, or in an unstructured system like email.

The upside here – and there is an upside – is that, with the right visibility into all of that unstructured data and who has access to it, enterprises can get ahead. With a strong data access governance program in place, IT suddenly has that much-needed (and previously lacking) visibility into all users and all of their access, to both applications and data. The data piece is key. This is what hackers are eying up more and more often, not just user accounts but the data they have within those accounts. With this visibility, if and when an organization is faced with a breach (or breaches), that visibility gives them the power to quickly make the right decisions, minimizing the impact of the breach before it reaches hundreds, millions, and in the case of Yahoo, billions, of users.