Yahoo has fallen victim to another security breach, it just highlights the relevance of the new GDPR regulation coming into force, says a leading security researcher.
Yahoo! has just announced that it fell victim to yet another security breach, with personal details stolen from approximately one billion user accounts. There have been a number of cases this year of retrospective notifications of breaches that are of little help to customers affected by them.
This underlines the need for regulation, says David Emm, principal security researcher at Kaspersky Lab.
Mr Emm said: “It's to be hoped that GDPR (General Data Protection Regulation), which comes into force in May 2018, will motivate firms to, firstly, take action to secure the customer data they hold, and secondly, to notify the ICO of breaches in a timely manner.
“Customers that entrust private information to the care of a business should be safe in the knowledge it is kept in a secure manner. Whilst security solutions significantly mitigate the risk of a successful attack, there are also other measures businesses can take in order to provide thorough protection. These measures include running fully updated software, performing regular security audits on the website code and penetration testing the infrastructure. It’s crucial that businesses ensure that all passwords are protected using secure hashing and salting algorithms. The best way for organisations to combat these types of cyber-attacks is at the beginning; by having an effective cyber-security strategy in place before the company becomes a target.
“Consumers have no control over the security of their online providers. However, they can mitigate the risk of a security breach. We would recommend that everyone uses unique, complex passwords for all their online accounts. It’s a growing concern that many people use the same password and personal details across multiple online accounts, meaning if their details have been compromised by one attack they could find other accounts suffer too. We would also urge people to take advantage of two-factor authentication, where a provider offers this.”
Find out how to ensure that your company is fully prepared for the implementation of GDPR by attending the GDPR Summit Series, designed to help businesses prepare to meet the requirements of the GDPR ahead of May 2018 and beyond.
Further information and conference details are available at www.gdprsummit.london