Following hacks involving the breach of more than a billion email accounts, which is driving down the valuation of Yahoo once again, and a much smaller number of high-profile compromises of Gmail accounts belonging to officials of the Democratic National Committee (DNC), it won’t be too long before many organizations start revisiting their approaches to the consumerization of IT.
Many end users these days conflate consumer and corporate services to accomplish any number of tasks. Inevitably, sensitive data bleeds over between these services. Hackers have long known that they can, with a fair amount of ease, compromise the credentials of a consumer-grade service to gain access to mountains of data. At the same time, messages that appear to be an important notice from one of those consumer-grade services have emerged as a favorite form of phishing attack, one that in the case of the DNC proved quite effective. DNC officials were fooled into downloading malware when they received a fake email informing them that some unknown party had stolen their email passwords. They were advised to click on a link to change that password, which was then used by the hackers to access all kinds of sensitive data that probably should never have been shared via Gmail in the first place.