How secure is your business?
With data usage reaching unprecedented numbers, a company’s security can be the most impacted. Many companies have fallen victim to hijacked accounts propagating money-making scams, costing them over 100k in fines from GDPR violations. Moreover, tarnishing public confidence and trust in the user account security.
Twitter recently experienced a massive security breach with over 2000 user accounts acquired through a simple social engineering tactic. According to Haseeb Awan – (@haseeb) “a hacker met a twitter employee on discord gaming channel and befriended him who sold ‘HIS’ login for $2000,” giving the hacker inside access into the internal Twitter ecosystem. The Bitcoin account linked to the spam of messages is seen to have sent 12.86 Bitcoin, valued over $118,000. Yonathan Klijnsma, in charge of threat research at RiskIQ, found close to 400 web domains created far in advance to support the scam. The attack has raised many questions about the security of the Twitter social media platform, especially amid a Presidential campaign (Forbes).
So how could this have been prevented?
There are a few security controls that could be put into place to notify a Security team or potentially prevent the breach overall;
Data Classification: Adequately classifying data to ensure it is restrictive based on the sensitivity will decrease the likelihood of non-data related job functions getting unnecessary access.
Data Loss Prevention System: Creating a system to monitor massive data access or changes happening on sensitive data.
Network Anomaly and Intrusion Detection: Monitoring network activity of authenticated users, A) coming from unrecognized IP addresses, and; B) making massive changes to sensitive data.
Although we do not know the full extent and details of the attack on Twitter, we do have systems in place helping organizations prevent similar circumstances from occurring.