Twitter incontrol
12/25/2023

Twitter's harrowing security incident last week is a good reminder that many companies need to reassess the internal controls governing access to their tools and data, because it's never been harder to stop the bad guys at the perimeter.

It took Twitter several hours to regain control of its systems Wednesday after a small group of hackers were able to obtain the login credentials of a Twitter staffer and commandeer its account tools. Twitter's experience was an extreme one, and while we don't know exactly how much information was compromised, the outcome could have been much, much worse.

But it's clear that steps taken to improve controls in the aftermath of two other high-profile incidents - a 2010 settlement with the Federal Trade Commission over account access issues and the 2018 indictment of two employees who were spying for the Saudi Arabian government - were not enough, and there are lessons for everyone in the aftermath.

For administrators at a big, very visible company like Twitter, it's not if your network defenses will be penetrated, it's when.

In a blog post Monday, security expert Bruce Schneier called the Twitter incident a "class break," describing this category as "security vulnerabilities that break not just one system, but an entire class of systems." "Class breaks are endemic to computerized systems," he wrote, "and they're not something that we as users can defend against with better personal security."

As more and more companies move critical applications to cloud services and use third-party enterprise software tools, modern identity management software has become a very important part of the tech department's toolkit. Software from companies like Okta allows workers to securely access the internal corporate applications they need to do their jobs with "single sign-on" technology, sort of like a password manager for work. This need has only accelerated in a pandemic, during which so many employees are working from their home networks and outside of the traditional defenses around corporate networks.

At Twitter, lots of employees have access to user accounts. Any attempt to provide customer service requires that, to some extent, but it's also clear that the company needs to consider additional controls, such as requiring two employees to sign off on proposed changes to prominent user accounts.

Companies also need to move past the idea that a user who has entered the proper login credentials is a valid user - the so-called "zero trust" approach. Then, once workers pass that test, other tools are needed that grant certain people access only to specific data sets or controls, so that one breach doesn't open up the entire company to an attacker.
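The two controls the article argues for, scoped access to the account tools and a second employee signing off on changes to prominent accounts, can be sketched as a small authorization policy with an audit trail. This is an added example, not code from the article or Twitter's actual tooling; the staffer names, account tiers and actions are constructed.

```python
from dataclasses import dataclass, field

# Constructed sample model; staffer names, tiers and actions are hypothetical.
@dataclass
class ChangeRequest:
    account: str
    tier: str  # "standard" or "prominent"
    action: str
    requested_by: str
    approvals: set = field(default_factory=set)

class AccountToolPolicy:
    """Per-staffer scope check plus a two-person rule for prominent accounts."""
    def __init__(self, staff_scopes):
        self.staff_scopes = staff_scopes  # user_id -> set of account tiers they may act on
        self.audit_log = []  # (decision, reason, actor, account): ship this to the SIEM

    def _in_scope(self, user_id, tier):
        return tier in self.staff_scopes.get(user_id, set())

    def approve(self, req, approver_id):
        # Dual control: the approver must be a different, suitably scoped staffer.
        if approver_id == req.requested_by or not self._in_scope(approver_id, req.tier):
            self.audit_log.append(("denied", "bad_approver", approver_id, req.account))
            return False
        req.approvals.add(approver_id)
        return True

    def execute(self, req):
        # Having a valid login is not enough: the actor must be scoped to this tier...
        if not self._in_scope(req.requested_by, req.tier):
            self.audit_log.append(("denied", "out_of_scope", req.requested_by, req.account))
            return False
        # ...and a prominent account needs a second employee's sign-off.
        if req.tier == "prominent" and not req.approvals:
            self.audit_log.append(("denied", "second_signoff_required", req.requested_by, req.account))
            return False
        self.audit_log.append(("allowed", req.action, req.requested_by, req.account))
        return True

def demo():
    policy = AccountToolPolicy({"support_a": {"standard"},
                                "trust_b": {"standard", "prominent"},
                                "trust_c": {"standard", "prominent"}})
    r1 = ChangeRequest("@bigname", "prominent", "reset_email", "support_a")  # stolen tier-1 login
    r2 = ChangeRequest("@bigname", "prominent", "reset_email", "trust_b")    # scoped, but acting alone
    alone = policy.execute(r2)
    self_ok, peer_ok = policy.approve(r2, "trust_b"), policy.approve(r2, "trust_c")
    return policy.execute(r1), alone, self_ok, peer_ok, policy.execute(r2)
```

Every denial lands in the audit log with a reason, so a single compromised support login attempting changes to prominent accounts shows up as a stream of out_of_scope denials rather than as a successful takeover.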