Yahoo's Hack: What CEOs Can Learn


The world’s most innovative and influential CEOs are gathering in Las Vegas, Nevada, for the Consumer Electronics Show, now in its 50th year.

These trendsetters are among the brightest business minds on the planet and an integral component of our world’s economy. However, what remains mystifying is the blatant disregard our corporate titans continue to display toward preemptive risk mitigation of the most prolific threat they collectively face, that being cyber-crime.

Without any intention or desire of throwing Yahoo (NASDAQ:YHOO) under the bus, it is imperative that we embrace the many lessons to be learned from this colossal breach of security, potentially impacting a billion of the site’s users, shareholder value and customer protection.


Yahoo’s delayed response was perhaps one of the poorest examples of damage control in the history of business. Any true crisis communications specialist, as well as investor relations professionals, would attest to the fact that customers and investors want to know bad news quickly.


This incident is a blatant example of several hard truths.

  • Most corporate infrastructures are vulnerable regardless of what CEOs are told
  • Hackers can live inside your network unbeknownst to you
  • IT scans are ineffective at identifying breaches such as this compared with the anti-crime approach of cyber professionals


Regardless of the relentless chatter about In and Non-State Actor involvement, the fact remains that the vast majority of breaches are perpetrated from within. That said, if this isn’t a wakeup call for CEOs to demand Human Resources managers replace the commodity-based background check in play with a real investigation, I don’t know what is.


Perhaps the most critical lesson for all chief executives is the magnanimous manner in which brand valuation is severely damaged after a breach. Case in point: Verizon (NYSE:VZ) is reportedly asking for a $1 billion discount off the $4.8 billion it agreed to pay for the search giant last July.

In sum, note to CEOs, I beseech you, don’t roll the dice on this subject. Regardless of how qualified your internal IT team is, validate the integrity of your systems properly as the alternative is clearly unacceptable to all concerned.

Cheap, truly IS, Expensive.

Paul is the author and lead editor for Jane's Publishing's book "Workplace Security" and Contributing Editor for Jane's. He is co-author of "Silent Safety – Best Practices for Protecting the Affluent". He appears regularly on the FOX Business Network as well as other national television and radio outlets.

Paul holds the distinction of Honorary Assistant Attorney General for the State of Louisiana. He holds a bachelor's degree in Criminal Justice, a Master of Public Administration, and a Ph.D. in Philosophy.