Twitter Hack Shines Light on Cybersecurity Risks with Virtual Workforce
Thanks to the recent Twitter hack, we all got a sharp reminder of the threat from “social engineering.” We also got a lesson in the difference between “phishing,” “vishing,” and “smishing.”
It also underlined the heightened risks to the cybersecurity of organizations when employees are working and accessing networks from home.
Has there ever been a more stressful time for anyone responsible for issues management within an organization?
There are the huge, sweeping changes brought on by the pandemic, plus the heightened scrutiny of workplace culture and behavior resulting from the Black Lives Matter and MeToo movements, and the upcoming presidential election.
Meanwhile, Hurricane Isaias, which was troubling the east coast in early August, was the ninth named storm of the season, the earliest date on which there had been that many. (Check out the In Case of Crisis natural disaster resources.)
Now, we have a well-publicized return of an older, but no less threatening risk – the cyberattack.
Twitter reported that on July 15 it faced a serious incident in which 130 accounts were compromised, many belonging to notable people, including Barack Obama, Joe Biden, Bill Gates, Elon Musk and Kim Kardashian West. Twitter released this explanation:
“At this time, we believe attackers targeted certain Twitter employees through a social engineering scheme. What does this mean? In this context, social engineering is the intentional manipulation of people into performing certain actions and divulging confidential information.”
Building on Twitter’s statements, CNN looked deeper into the narrative of the hack, including interviews with data security experts, one of whom was Twitter’s former chief information officer.
The article concluded that the social engineering let the attackers target employees with administrative privileges and, through them, gain access to an internal tool used by Twitter employees to handle customer support requests, known internally as “Agent Tools,” which contained a great deal of user information.
The Cybersecurity & Infrastructure Agency, formed in 2018 within the Department of Homeland Security, explains social engineering attacks:
“In a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity.”
Social engineering attacks take many forms; among the most common are:
- Phishing: victims interact with emails or websites that appear to belong to respectable organizations, often financial institutions, but which are malicious attempts to gather sensitive data.
- Vishing: leverages voice communication, usually enticing a victim to call a certain number and divulge information. Modern technology, known as Voice over Internet Protocol (VoIP), allows the caller’s identity to be spoofed.
- Smishing: exploits SMS, or text, messages. The text messages contain links to webpages, email addresses or phone numbers which, when clicked or called, lead the victim to malicious content. Combining these channels can make the malicious message even more credible to the users who fall victim.
Deloitte has looked closely at what it calls the “Next Normal,” in which so many workers must shelter and work from home, and at the resulting increased stress on cybersecurity. It recommends three key steps as part of an increased focus on network security in the “Next Normal”:
- Develop security policies and guidelines for BYOD. This stands for “Bring Your Own Device” and would require that corporate security software be installed before any such device can be used.
- Review firewall rules for remote access. The two key technologies are User and Entity Behavior Analytics (UEBA) and file integrity monitoring.
- Restrict access from unapproved devices. Limit personal device access to only the required corporate cloud services that are needed for critical business services.
Deloitte also points to technologies that enable secure remote access, including virtual desktop infrastructure, identity and access management, and cloud migration.
As ever, a key part of your defenses is awareness, ensuring that everyone on your team understands the risks and the security policies.
In this difficult time, every organization needs to review and strengthen its preparedness plan, communicate the content to employees and ensure rigorous adherence to its cybersecurity policies.
Learn how hundreds of organizations large and small are using our award-winning crisis management platform, In Case of Crisis, to better prepare for and respond faster to emerging threats.