Yahoo insiders say lax commitment to security a big factor in 2014 breach

Though details are still sparse on the 2014 data breach that compromised 500 million Yahoo users' accounts, insiders say the technology company had not adequately invested in or prioritized cybersecurity defenses, reports The New York Times.

Speaking to NYT on the condition of anonymity, current and former employees said Yahoo remained far behind its contemporaries in terms of investing in a security infrastructure, instead focusing on a new look and developing new products. Yahoo's security team faced discord within the company, as leaders appeared unwilling to trade the inconvenience of added security protection for ease of use out of fear people would stop using company products, according to the report.

"To make computer systems more secure, a company often has to make its products slower and more difficult to use. It was a trade-off Yahoo's leadership was often unwilling to make," according to the report.

Suzanne Philion, a Yahoo spokesperson, defended the company's security, telling NYT Yahoo spent $10 million on encryption technology in early 2014, and the company will have increased investment in security by 60 percent from 2015 to 2016.

The incident at Yahoo serves as a reminder for all organizations, particularly those in healthcare, which has been targeted by hackers. Prioritizing cybersecurity and incorporating it into a strategic plan is a must.

It appears healthcare organizations are doing just that. According to the 2016 HIMSS Cybersecurity Survey, 85 percent of respondents said security has increased as a business priority since the previous year.

More articles on data breaches:

Calculating the true cost of a healthcare data breach
16 latest healthcare data breaches, security incidents
Thoughts on big threats for hospitals today

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months