IF YOU HAVE any doubts about the need for a new corporate cybersecurity mindset, the daily news
contains plenty of sobering evidence. Recently, Yahoo Inc., which was in the midst of a planned transaction to sell its core businesses to Verizon, disclosed that it had been the target of two of the biggest data
breaches ever, with sensitive information stolen involving more than 1 billion user accounts in 2013 and
500 million in 2014.1 In addition to highlighting Yahoo’s cybersecurity vulnerability, the attacks have
resulted both in a delay in the planned acquisition by Verizon and in a probe by the U.S. Securities and
Exchange Commission about the disclosure of the breaches. 2 The incident raises broad questions about
how cyberthreats affect mergers and acquisitions
deals, and it could have an impact on disclosure
guidelines and regulations.
In the past several years, the list of companies
whose internal systems have been hacked has
grown rapidly. In addition to hundreds of small
and medium-size companies, it now includes such
high-profile businesses as Target, JPMorgan Chase,
Home Depot, Sony Pictures, Ashley Madison, and
Yahoo. In many cases, cybersecurity breaches go
on for weeks or months before they’re discovered.
Cybersecurity breach response times can be a crucial factor in the data breach scale, its mitigation,
the determination of its source, and also future
legal issues involving the disclosure period. Not
only have the attacks in the past few years been
costly for the companies, but they also shake the
confidence of customers, shareholders, and employees. And no industry appears to be safe from
attacks, regardless of the specific measures individual companies use to defend themselves.
As a result, spending on cybersecurity is poised
to accelerate. Gartner Inc., the information technology (IT) research and advisory firm, has
estimated that global spending on information
To Improve Cybersecurity,
Think Like a Hacker
Cyberattacks are an increasingly common and worrisome threat.
To combat the risk, companies need to understand both hackers’
tactics and their mindsets.
BY JOSÉ ESTEVES, ELISABETE RAMALHO, AND GUILLERMO DE HARO
; Hackers will
patiently and thoroughly examine a
; People often represent the weakest
link in an organization’s cybersecurity.
; Senior management
needs to stress the