Twitter data breach, the perfect warning to boards: The biggest risks to the company may be the company

21 July, Twitter apologises for another data breach:

'We're very sorry this happened. We recognise and appreciate the trust you place in us, and are committed to earning that trust every day.'

With respect to data breaches, my advice to Twitter, and boards alike is simple: Keeping earned trust today starts by reassessing insider threat strategies. Internal employees may be the biggest threat boards face defending against data breaches.

In the latest Twitter breach, messages from Barack Obama, Jeff Bezos, Elon Musk, Joe Biden were sent out by cybercriminals using celebrity accounts to scam trusting followers on the platform.

How did it happen? Although many put trust in words or tweets of public figures, boards can not afford to do the same with the workforces they steer. The average cost of a data breach has been estimated at 3.9 million dollars per IBM reports.

This Twitter cyber-attack was made possible because of one person. Out of the roughly 5000 people who are employed by Twitter, that' one' Twitter employee was paid to help hackers gain access to high profile accounts. Because of this single person, this data breach was successfully executed, causing reputational damage. Unfortunately for boards, even when an employee has not been paid, but just careless, the bottom line is the same. An internal employee identified as the weakest link by hackers can be the pathway to financial gain or a targeted criminal or political result. People have always been the weakest link to any security program. 

On our forthcoming 20 August webinar for The Chartered Governance Institute, 'Are you equipped to handle a cyber-breach' Nancy Wang, CEO of Advancing Women in Product and Silicon Valley Tech Expert, and I will dissect recent data breaches. Not only will we talk about mitigating insider Threat, but also provide the insight needed to help sharpen a board's ability to prevent, respond, minimise damage, and ensure business continuity. Some key areas we will discuss include:

  1. Incident response, including legal and technical actions that must be taken following Industry best practices          
  2. Cyber preparedness for data breaches, including business continuity, and crisis management plans
  3. Zero trust strategies that grant access needed to authorised users, while increasing access security 
  4. User and endpoint monitoring to detect abnormal user behaviour quickly before a breach happens
  5. Auditing, and managing privileged user accounts with elevated rights
  6. Creating a top-down culture of cyber awareness amongst employees

In conclusion, with many of the discussion areas above, boards must mitigate the impact of the human factor. Generally speaking, a proper approach to defending against insider threats provides employees with access to be able to do the work while protecting company data and assets. Most importantly, a proper approach led by The Board ensures that their trust is placed in technology, industry best cyber practices, and their leadership rather than the hands of the vulnerable.

Join the webinar here.

Frank Satterwhite

Frank Satterwhite is founder and CEO of 1600 Cyber GmbH, www.1600Cyber.com. Frank is a global cybersecurity expert and social influencer. Frank has and still leads the handling of cyber attacks and incidents that can cause geopolitical instability. For the majority of his career, he has held high-level security clearances for NATO and the Department of Defense, working in classified, Joint warfighting, and private sector environments in Europe.

Frank's formal training includes a Bachelors from UC Berkeley and his Master's in Cyber Security from George Mason's Engineering Program. He is an authorised ISACA Trainer, CISSP, CISM, and CSX-P Boot Camp Instructor. His technical skills, experience, education, and training gives him an advanced understanding on effective leadership in security programs.

Frank proudly founded 1600 Avenue a 501c3 non-profit based in Los Angeles and Silicon Valley, www.1600Avenue.com. This organisation, along with 1600 Music Group, www.1600MusicGroup.com, partners with entertainment icons to inspire the next generation of cyber leaders.

Links

www.1600Cyber.com

www.1600Avenue.com

www.1600MusicGrop.com

#BrownTonyStark1

#TechEmpowementPlan

https://www.linkedin.com/in/franksatterwhite/

https://www.linkedin.com/company/14795468/admin

www.hiphopleaders.com

https://www.washingtonpost.com/technology/2020/07/16/twitter-security-breach-response/

Join our upcoming webinar on the 27th October Join our virtual conference on the 10th November Join our upcoming webinar on the 11th November

Search ICSA