The executives of the yahoo have been meeting with the CEO Marissa Mayer for the improvement of the company cyber security system, as it has disclosed two really huge breaches which happened late last year. Apart from that, the employees are receiving presentations from the Yahoo CISO Bob Lord on almost weekly basis. These all efforts are the company’s approach towards promotion of security for its upcoming accession by Verizon.
The concern over this breach on the executive level was observed little bit. Later on it was questioned by the Senate Committee over its reaction towards these breaches. There were almost 1 billion accounts which were stolen in 2013 from yahoo whereas; in the year 2015 the number was 500 million. The most concerned part of this stealing is that, the broachers’ had accessed the accounts with forged cookies, without any passwords.
After the cancellation of the meeting with the staff from Senate Committee on Commerce, Science and Transportation, the senators John Thune and Jerry Moran had sent a letter to Yahoo, inquiring about the answers about these security breaches. They have been asking about the efforts and steps Yahoo took after these major issues. And this time Yahoo had turned around with complete details and its reaction towards these major security incidents.
The aftermath that we come to know about the reaction of Yahoo after the security breaches are:
Yahoo has a broad cooperation with the law enforcement, more than what we had realized. It has been cooperating with the related government official bodies about these breaches. They also stated that, they have learned from a law enforcement agency about how their accounts were stolen online.
They have hired the services of the Risk Management Executive, so he can look after the security. However Yahoo Spokesperson has declined to disclose the name of the new hire for the security assessment and management.
Yahoo has been working on making its team even better and strong to better address these kinds of security breaches in the future. It has also been following the NIST Cyber security framework, which provides the best practices to deal with security breaches. It actually detects the treats right away to resolve it before it even starts creating problems.
It seems like; Yahoo is willing to keep the distance between its employees and the Senate Committee members. Instead of providing answers to the Committee, it has formed a board of directors to investigate such breaches. That might be because they don’t want to share anything with the Senate Committee before the finalization of its deal with Verizon.
The one unanswered question which is important remains there, and it is the disclosure to consumers about the timeline when they will put everything in front of them.
It has been said that Yahoo never knew about the breaches of the year 2013, till the moment a law enforcement body approached in 2016. However, they are saying that; they were aware of the breaches happened in the year 2014. But an important question here is; why did they never announce about these breaches for almost 2 years?
Warner said that: the fillings of the September by Yahoo are creating serious concerns about the trust of the people in it, as it is unaware of the security incidents that had happened.
Even yahoo was unable to provide a timeline on which it could be able to submit its response against the questions being asked. The Vice President of the Yahoo, April Boyd however stated that:
“On September 22, 2016, Yahoo disclosed the 2014 Incident. Following the September 22, 2016 disclosure, the company, with the assistance of outside forensic experts, continued to investigate the 2014 Incident and related matters. The company has also actively been working with U.S. law enforcement agencies on this matter.”
The timeline is still being investigated by the independent committee which is established by the Yahoo’s Board of Directors. But the meeting with the newly announced independent committee is yet not fixed, as a spokesperson of the Thune’s Office said.
All these security incidents and this whole scenario played a great role in knocking down the offer by $350 million by the Verizon for Yahoo. Hence, the deal is being dragged down to 4.48 Billion and is expected to close during the 2nd quarter of this year.
