Biggest Data Breach in History For Yahoo

As if the data breach of 500 million users’ accounts in 2014 wasn’t bad enough, Yahoo has just discovered that it was the subject of the biggest data breach in history when, back in 2013, more than one billion user accounts were compromised.

What Happened?

According to a statement from Yahoo, hackers used a method known as ‘forged cookies’ to enable them to gain access to users’ accounts. These cookies were pieces of code which, when planted in a user’s browser cache, the yahoo website didn’t require a login every time it was accessed. This meant that the cyber criminals behind the scheme were then able to use this vulnerability to pose and be misidentified as a user, and get into their account without needing a password.

Email Account Breach.

In this case, email accounts were breached and it is not thought that any stored payment card and bank account information were taken. One big problem is however that emails contain all kinds of sensitive and personal details such as bank details, family details, and even passwords.

Password Sharing.

Another danger of having your email password stolen by hackers is that many people use the same password for multiple purposes e.g. as their login to retailer accounts. Hackers are therefore known to compile databases of them, and to test combinations of stolen login details on other websites e.g. Amazon in the hope that password sharing will enable them to gain entry.

State Sponsored Breach.

It has been reported that Yahoo believes that the one billion + user data breach is likely to have been ‘state sponsored’.

Letter From U.S. Senators.

Some security commentators have suggested in recent years that Yahoo had been falling behind its peers in terms of blocking spam and email-based attacks. It has also been reported that after Yahoo’s announcement in September about its huge data breach back in 2014, six US senators sent Yahoo a letter. The letter voiced their concerns, asked when Yahoo had actually found out about the breach, and stated that the long delay between the breach and its announcement was ‘unacceptable’.

What Does This Mean For Your Business?

If you are a Yahoo email account holder, the advice from the company is to change your passwords and security questions/answers, and to change the answers for any other accounts on which you used the same or similar information. You are also advised to review your Yahoo account(s) for any suspicious activity. Yahoo also suggests that account holders should beware of unsolicited communications asking for personal information or referring them to web pages, and to avoid clicking links or downloading attachments from suspicious emails. Yahoo is also offering users the ‘Yahoo Account Key’ tool which gives authentication without the need a password.
For businesses and individuals alike this story emphasises the need to be vigilant online, to set very strong passwords and not to share passwords between different websites.

BT Broadband Christmas No.1 For Complaints Says Ofcom

BT Broadband has the dubious honour of making it to the Christmas no.1 spot…for customer complaints. Figures from Ofcom the 3rd quarter of 2016 make grim reading for BT and for other Broadband companies that it owns.

How Many Complaints?

BT unfortunately tops Ofcom’s list with an eye-watering 36 complaints for every 100,000 customers. To put it in perspective, that is nearly double the industry average figure of 20 per 100,000 customers.

Bad News For Plusnet and EE Too.

Second and third place in Ofcom’s list went to Plusnet and EE, both companies owned by BT.

What Went Wrong?

According to statements by Lindsey Fussell, Ofcom’s consumer group director BT’s customers experienced problems relating to both its broadband and landline services from July to September. There also appears to be an accusation of complacency by Ofcom relating to BT’s customer service during that period.

Vodafone Still Tops Mobile Complaints.

Offcom’s figures show that while BT has been stumbling with its broadband service at the end of the year, Vodafone has consistently topped the complaints list for pay-monthly mobile complaints since the 3rd quarter of last year. Numbers of complaints have however fallen 18 per 100,000 customers since reaching a high of 32 at the end of last year.

What Does BT Say?

BT’s Chairman Sir Michael Rake has publicly acknowledged that there were some exceptional broadband outages during the third quarter of this year. Sir Michael has apologised to customers and has promised that customers will see an improvement after he puts new measures into effect. These measures are reported to include a recruitment drive for more staff to handle queries / complaints, more cash being put into service improvements, and an overhaul for the software used by BT to handle the complaints.

Some critics have said that BT’s improvements should concentrate less on improving how complaints are handled and more on trying harder to eradicate the causes of those complaints.

Possible Fine.

Although no fine has been announced for BT, Ofcom has used some large fines against communications companies in recent times. Vodafone for example had a £4.6m fine from Ofcom in October this year relating to broken rules concerning complaint handling, and for misleading customers about aspects of pay-as-you-go services. Ofcom also fined EE £1 million for not handling parts of the complaints process properly.

Ofcom Moving To Separate BT and Openreach.

Ofcom has recently ruled that it will be formally asking the European Commission to start the process of separating BT from its network infrastructure arm, Openreach. There has long been an argument that investment is needed in the network, and that action needs to be taken to improve broadband and phone services across the UK. Critics have argued that Openreach needs to repair problems and install new lines more quickly, improve service performance and broadband coverage across the UK.

What Does This Mean For Your Business?

Many businesses and individuals use BT broadband services and it is good news therefore that the regulator is staying on top of things. The fact that BT and Openreach could be separated in the near future should mean greater investment in the infrastructure, higher quality and more effective services and customer services.

This could, of course, bring service improvements for customers in the not-too-distant future.

Blockchain in Dubai Could Transform Middle East

Dubai’s commitment to putting all its documents on Blockchain’s shared open database system by 2020 could help to cut through Middle Eastern bureaucracy, speed up civic transactions and processes, and could help bring a positive transformation to the whole region.

What is Blockchain?

Blockchain is an incorruptible peer-to-peer network (a kind of ledger) that allows multiple parties to transfer value in a secure and transparent way. Blockchain’s Co-Founder Nic Carey describes Blockchain as being like “a big spreadsheet in the cloud that anyone can use, but no one can erase or modify”.

The developers of the Blockchain system say that the trust between participants is not necessary because trust is embedded in the system itself, and that access to all relevant information is available to participants.

What Can It Be Used For?

Blockchain has multiple possible uses e.g. as a global property rights / land registration system, as the basis of a non-centralised (and therefore faster) payment system, and as a system for exchanging / buying / selling all kinds of collateral such as stocks, bonds, land titles and more.

What’s Happened in Dubai?

As well as Dubai’s commitment to putting all of its documents on Blockchain in the next few years, the emirate has also founded a public-private initiative called the Global Blockchain Council to foster the development and use of Blockchain technology in and between local government teams, local businesses and international start-ups.

How Blockchain Could Help in the Middle East?

It is thought that Blockchain could help the whole Middle East region in many ways including:

  1. Increasing transparency and liquidity in the real estate market. Since land registration in Middle East economies still relies on paper for registration and title transfers, the digitising of this process could speed everything up.
  2. Faster and cheaper transactions in key industries. In the oil-industry for example, crude oil sales to international buyers still require traditional wire/cheque transfer or Swift payment methods, and cross-border payments can take between two and three days to complete. With Blockchain, payments are almost instantaneous and take around 15 minutes to complete. The lack of centralisation i.e. no central banks means that the transactions could take place easily with customers in different time zones.
  3. Helping governments. This could be to collect taxes, deliver benefits, issue documents, and to assure the supply chain of goods and the integrity of governmental records.

What Does This Mean For Your Business?

For businesses in Dubai and across the Middle East, this could make trade and development easier and faster. For UK businesses dealing with or wanting to deal with businesses in Dubai, this could also be a very positive development that could facilitate trade and open up new opportunities.

The days when businesses can buy, sell and transfer funds quickly and easily anywhere in the globe are now not far off thanks to the development of the Blockchain technology. If the technological challenges of finding ways to make an all-purpose Blockchain can be met, businesses will be less reliant on big banks and will be able to use new financial systems that are flexible, interoperable, secure, and convenient.

Businesses Misusing Average IT Security Spending Figures

A recent report by Gartner warns that although businesses are spending on average just over 5% of their overall IT budgets on IT security, comparing your security spending to other firms in the same sector is no substitute for accurately assessing your own security posture and spending requirements.

Yes It Sounds Low, But…

According to Gartner’s report, the current IT security spend ranges from 1% to 13% of a firm’s IT budget, and the just over 5% average spend figure does seem low, especially considering the large number of reported hacks and security breaches.

The report however suggests that if companies use industry average figures, or even the amount of a company spend in the same sector to help them decide upon their own IT security budget, they may be putting themselves risk, and/or misusing that information.

Base It on Your Own Company’s Needs.

According to the Gartner Report, simply applying generic industry averages could mean that although your company is spending at the same level as peers, you may  be spending it on the wrong things. Your company’s IT security needs may be more complex, and your risk appetite may be greater than those of companiesthat you may regard as being your peer.

The Gartner report therefore argues that simple spending statistics do not necessarily provide a measure IT effectiveness and are not a gauge of successful IT organisations.

Unaware.

Another complicating factor for arriving at accurate IT security budgets highlighted by the report is the fact that many organisations are unaware of their security budget, and due to inadequacies in company cost accounting systems the chief information security officer has restricted insight into security spending throughout the enterprise. For example, many security-relevant processes are in fact carried out by staff who are not devoted full-time to security, thus making it impossible to accurately account for security personnel.

What Does This Mean For Your Business?

In order to arrive at the right kind and level of IT Security budget for your specific organisation, it is risky to rely heavily upon industry average statistics. A better plan may be to clearly establish your own business IT security requirements and risk tolerances. To help identify a real budget it may be worth looking at areas such as networking equipment with embedded security functions, any desktop protection that may be included in your end-user support budget, your enterprise applications, any outsourced or managed security services, your business continuity or privacy programmes, and any security training that may be funded by your HR function.

Being able to accurately divide up your spending among hardware, software, services (including outsourcing and consulting), and personnel, may mean that you are more able to arrive at the optimum budget.

It may even be the case that by exercising due diligence in this way you end up spending less than the average amount while still staying secure.

Among the lowest-spending 20% of businesses are organisations that have implemented best practices for IT operations and security, and are actively working to reduce vulnerabilities.

100% renewable-powered data centres For Google by 2017

Google has announced that it’s still on target to meet a 2015 pledge that it will be able to offset all of the energy used at its data centres and offices with power that has been generated using renewable sources by next year.

Good, But How Significant?

It is no surprise that a global company like Google with around 62,000 staff, billions of users, and around 65% of the search engine market (not to mention Gmail, Google+, Google analytics etc) needs 13 data centres. To meet Google’s requirements it is reported that these data centres consume around 5.7 terawatt-hours (TWh) of electricity per year.

To give some idea of how much energy this is, the terawatt hour unit is something that would normally be used to express the annual electricity generation for small countries rather than businesses.

How?

Many businesses will be familiar with the concept of offsetting and in Google’s case, although it still uses power from fossil sources, this latest announcement means that it is nearly at the point where it is buying in enough energy that has been produced by wind and solar to offset its full consumption figure.

Why?

Google’s own technical infrastructure people have said that the big reductions in the cost of wind and solar over the last 6 years (down 60% for wind and 80% for solar) have meant that there are cost savings to be gained for Google.

Some technology commentators have also suggested that some of the big motivators for Google have also been the many tax incentives from the U.S. government and others for investing in ‘clean’ energy.

Google sources have acknowledged the importance of tax incentives but have also stated that even though these are likely to decline over the next few years, the costs of renewable energy technology is likely to come down too.

Environmental Groups Pleased.

Google’s announcement has pleased environmental campaigners. Friends of the Earth (FoE) for example are reported to have publicly supported Google’s commitment to renewable energy, welcoming it as part of a broader movement by companies, cities and entire countries.

What About Trump?

Some commentators have expressed fears that U.S. President-elect Donald Trump’s apparent dismissal of climate change could end many of the tax breaks and therefore some of the motivation for businesses in the U.S. to commit to renewables.

What Does This Mean For Your Business?

It is, of course, good news to hear that large, high profile businesses with big energy requirements such as Google, for whatever reason, are committing to renewable, cleaner energy sources.

In the UK, many businesses are now likely to be getting a slightly larger proportion of their energy from renewable sources anyway over the coming years. For example, almost half (46%) of the UK’s electricity came from clean energy sources such as wind and nuclear power last year, and renewables now account for a quarter of the country’s power supplies. Last year was the first time that renewables in the UK have outstripped coal power.

Some energy commentators have noted that the UK has fallen from top to 13th place in consultancy Ernst & Young’s annual league table for attractiveness to clean energy global rankings. This indicates that investors in renewable energy projects are probably being put off the UK by what many see as the government’s hostility to renewables and green efforts, and their slashing of support for clean power supplies in favour of more expensive alternatives e.g. shale gas and nuclear power.

Obama Orders Election Review After Cyber Attacks and Foreign Influence

After public accusations against Russia concerning cyber attacks against Democratic Party organisations in the recent U.S. presidential election, President Barack Obama has ordered a full intelligence agency review.

Accused in October.

Back in October, Russia was formally accused by the U.S. government of launching cyber attacks against Democratic Party organisations during the 2016 election campaign. Since Donald Trump’s election as President on November 8th, and following his praising Putin and public dismissal of the idea of Putin and Russia’s influence or interference, the matter has snowballed into a global news story and has become the focus of Democrats’ anger and suspicion.

Report Before He Leaves Office.

President Barack Obama has given U.S. intelligence agencies a relatively short time to ensure that a report about the whole matter is delivered before he formally leaves office on January 20th 2017.

As well as establishing areas of responsibility and guilt for certain players in the matter, it is hoped that the report will capture lessons about the U.S. election process in the future, and provide important stakeholders such as Congress with a clear and accurate summary of what has happened.

Digging Deep.

According to spokespeople from the Whitehouse, the report requested by Obama will not just take into account recent activity but will be based in a review of behaviour patterns that could go as far back as the 2008 presidential election.

Strong Words.

President Obama is reported to have warned Russian President Vladimir Putin about the possible consequences for the cyber attacks. President Obama has also been publicly quoted as saying that the hacking of and leaking of Democratic National Committee (DNC) emails leading up to the presidential vote were “espionage or propaganda”.

Motivators For The Report.

As well as the idea that Democrats may be simply reacting to a dirtier than expected campaign and their candidate’s loss, political commentators have pointed out that recent demands by Democratic lawmakers to declassify more intelligence on the alleged hackings have been a key motivator in the ordering of the report now. Some commentators have also said that a review and report would also help Democrats to determine how much material related to the subject could be made public.

Denied.

Russian officials are reported to have denied any interference in the U.S. elections and President-elect Trump is reported to have told Time Magazine “I don’t believe they interfered”.

What Does This Mean For Your Business?

What this story should illustrate to businesses is that if secure government systems can be (allegedly) hacked, then it follows that our own business websites, emails, and data storage systems may well be vulnerable to attacks and data breaches if at least basic security measures are not put in place.

Security of your data and systems is now likely to be something that is no longer just responsibility of your IT department, but is something that with the aid of investment, training and raised awareness is the responsibility of all members of your organisation to uphold in their daily work. It is also a good idea to make sure that your business has robust, workable, up-to-date, and well-communicated Disaster Recovery and Business Continuity plans in place.

Each week we bring you the latest tech news and tips that may relate to your business, re-written in an techy free style. 

Archives