4 October 2016
Six senators demanded that Yahoo explain why it took about two years before the massive data leak came to light.
In Reuters Technology News of 27 September 2016, Dustin Volz and Lisa Lambert wrote:
The lawmakers, all Democrats, said they were “disturbed” that the 2014 intrusion, which was disclosed by the company on Thursday, was detected so long after it occurred.
“That means millions of Americans’ data may have been compromised for two years,” the senators wrote in a letter to Yahoo Chief Executive Marissa Mayer. “This is unacceptable.”
This is a very interesting turn of events, but an entirely justified one.
In the report ‘Yahoo breach calls into question detection and remediation practices’, published on SearchSecurity on 28 Sep 2016, Michael Heller discussed Yahoo’s detection and response practices. I haven’t seen any discussion of missing preventive controls, although these are the foundation for the rapid detection of cyber attacks.
The goal of prevention is to force the attacker into errors by isolating him from both his own environment and ours. A well-tuned SIEM should then rapidly detect the anomalies those errors produce and raise incidents from them. Rapid detection of cyber attacks therefore requires a good mixture of prevention and detection.
For a comprehensive discussion of prevention versus detection, see the post ‘Cyber Security Investments: Experts Discuss Detection vs. Prevention’, published on the Digital Guardian blog.
In the briefing document ‘The Strategic Game of ? and ?’, John Richard Boyd points the direction for cyber security:
The Strategic Game is one of Interaction and Isolation. A game in which we must be able to diminish adversary’s ability to communicate or interact with his environment while sustaining or improving ours.
Have a good week.