It has been reported that question-and-answer website Quora’s user data has been compromised, with around 100 million users affected by the security breach. The breach was discovered last Friday after a “malicious third party” gained unauthorised access to one of their systems, CEO Adam D’Angelo said in a blog post.
Commenting on this, Sam Curry, chief security officer at Cybereason, said “With the news that knowledge sharing website Quora has suffered a data breach of more than 100 million users, it is time again to sound the alarms in an attempt to change the mindset in boardrooms around the world. There is an old saying that there are two kinds of companies; the ones that have been breached and the ones that don’t know they have been. Marriott, for example, would fit into the latter category, having announced just last week the second largest breach in history of 500 million customers and not knowing for more than four years that hackers owned their network. And as damaging as the Marriott breach is to their brand in the short term, longer term the company will likely pay out hundreds of millions of dollars in damages from class action lawsuits.
Today, the potential attack surface that corporations have to protect is a lot bigger and wider than it was just a few years ago, and this plays right into the hands of hackers. It is through persistence and patience that most adversaries are successful – try and try again until you are successful. This leaves corporations with the responsibility to implement a new offensive mindset and to very specifically take the fight to the adversaries. putting them on the defensive. Something has to change, because a hacker only needs to be right once to successfully compromise a corporation, while the defenders have to be right 100 percent of the time to avoid making headlines for the wrong reasons.”