Many large-scale cybersecurity failures, like the one that resulted in Yahoo’s recently announced data breach, happen because of carelessness on the part of the victim companies, cybersecurity expert Stephen Boyer told CNBC on Thursday.
“A lot of these breaches happen because somebody had a very obvious detail that they overlooked or a well-known vulnerability that was exploited,” the BitSight Technologies co-founder and CTO told “Squawk Box.”
Noting 2016 breaches at Neiman Marcus, Kohl’s, Wendy’s, and Vera Bradley, Boyer said large businesses need to increase their protection for the sake of themselves and their customers.
“You think about other controls that they need to put in place such as good password control, multifactor authentication,” he said. “They need to be able to monitor, protect, not only look at their own systems but their supply chain and monitor and watch that very diligently.”
Yahoo did not immediately respond to a CNBC request for comment.
The financial services sector has the best precautions, Boyer said. “They have a very good culture of risk management,” he said.
But small businesses, especially in retail, tend to struggle when it comes to protecting their information, he said.
Outside of the top 100 retailers by revenue, which Boyer said have been improving their cybersecurity practices, “you still see a lagging group where even though they’re aware [of the potential for breaches] … they just haven’t had the wherewithal or revenue or capability to make the improvements that they need,” he said.
The solution, however, isn’t to scratch smaller retailers off your shopping list, Boyer said, noting that part of the responsibility falls on consumers to monitor their credit cards for fraudulent charges.
“It’s not just avoiding the smaller players and going with the bigger ones,” Boyer said. “Many of the small retailers may be using someone who provides transaction services to protect that. So it’s not necessarily small versus large, it’s just somebody who’s put in the proper protections to protect the consumers.”