Each month, we bring you some of the most compelling cloud and Salesforce security-related stories from the last four weeks. In this post, we discuss the Twitter breach caused by social engineering, the impact of the cybersecurity skills gap, the cost of compromised employee accounts, and more.
Social media giant Twitter was breached in an attack that affected dozens of high-profile accounts, including those of Barack Obama, Elon Musk, Bill Gates, Apple, Uber, and more. As part of a cryptocurrency scam, the hacker used the compromised accounts to send tweets requesting bitcoins. Sophisticated technology and advanced hacking skills weren’t necessary for this takeover. Instead, the attacker used social engineering to convince a Twitter IT employee that he was a co-worker who needed login credentials for an internal customer support platform. Once the hacker obtained those credentials, he had access to any account. As one source described it, “Twitter didn’t break. An employee did.”
Twitter contained the hack after several hours, but not before dozens of VIP accounts sent out scam tweets. The hacker and his accomplices are facing felony charges.
“Humans and their behavior continue to be the biggest threat for organizations. Security holes come and go. Sometimes there’s something urgent happening but once you patch and update, you’re good to go. The human weaknesses are there always. Every day. Forever.”
– Mikko Hyppönen, Chief Research Officer, F-Secure
IBM and Ponemon Institute’s 2020 Cost of a Data Breach Report revealed that breaches cost companies an average of $3.86 million, and that the most common cause is stolen or compromised credentials, which are also the costliest of all breach sources. In fact, companies paid almost $1 million more for compromised-credential breaches than the global average.
The report also found that security automation technology cut the total cost by more than half, from $6.03 million to $2.45 million. That is good news for companies investing in advanced security technology like AI, machine learning, and analytics to identify security threats.
More than half (54%) of organizations required remote work following the onset of COVID-19, and 70% believe the shift will increase data breach costs. 76% also indicated that remote work would lead to longer detection and response times, complicating the remediation process.
To combat risk and prevent data breaches, IBM Security recommends investing in security automation, adopting zero-trust security, designating an incident response team, monitoring user activity, allocating budget to compliance, and minimizing IT complexity.
Already operating in a highly regulated industry, financial organizations are struggling under the added pressure of the California Consumer Privacy Act (CCPA)’s compliance requirements. The 2020 Data Risk & Security Report revealed that financial companies are grappling with the demand on IT resources and expenses alongside the increase in data subject access rights (DSAR) requests triggered by CCPA. Nearly 75% of organizations felt pressured to meet DSARs before CCPA went into effect, and more than a quarter claim the requests have increased expenses. According to Gartner, manually addressing a single DSAR can take longer than two weeks and costs an average of $1,400.
To help manage DSARs more effectively, the report recommends conducting routine entitlement reviews to minimize possible data abuse by an organization’s users. Streamlining the DSAR fulfillment process by starting with data classification is critical to ensure all relevant information is provided to consumers upon request.
“One missed deadline or incompletely fulfilled request could result in a thorough audit from the authorities and sizable fines. To ensure compliance while controlling costs and relieving the burden on IT, financial organizations need to automate the DSAR process.”
– Steve Dickson, CEO, Netwrix
45% of cybersecurity professionals agree that the critical shortage of cybersecurity skills continues to worsen, according to Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA). The Life and Times of Cybersecurity Professionals 2020 report revealed that 70% of organizations are affected by the skills gap, the ramifications of which include:
- Increased workload on current cybersecurity professionals
- Unfilled open job requisitions
- Inability to learn or use cybersecurity technologies to their full potential
In contrast, only 7% of respondents believe the shortage has improved. To help close the gap, the report suggests a holistic approach: cybersecurity education (starting with the public), career development, mapping and planning, and support from and integration with the business.
As business leaders work past the initial shock of COVID-19, the majority (74%) agree that cybersecurity should be a top priority during the recovery phase and beyond, according to the 2020 CrowdStrike Asia Pacific and Japan (APJ) State of Cybersecurity Report. The survey polled business leaders in the Asia-Pacific region about their pandemic response, cybersecurity practices, and future planning.
When asked whether COVID-19 changed their cybersecurity response plan, 69% said yes, citing the uncertainty and the new threats brought on by the pandemic. While overall business budgets have taken a hit during this time, 65% of organizations actually expect to increase their technology budgets during pandemic recovery. These results indicate that many leaders are beginning to recognize that “good enough” security is not, in fact, enough. Ultimately, the most effective way to address rising threats is to proactively minimize risk and close security gaps, which requires a robust budget.
“In the new business normal, it will be vital to implement solutions that can be quickly deployed at scale to detect new threats, adhere to new regulations, and leverage the cloud so they can be easily managed remotely.”
– Andrew Littleproud, Vice President, APAC, CrowdStrike
The U.S. Senate recently approved an amendment to the FY 2021 National Defense Authorization Act (NDAA), which calls for the Department of Homeland Security to designate a Cybersecurity State Coordinator to each state. The Coordinator’s job would include acting as a risk adviser, providing training and counsel for state technology officials, and mitigating cybersecurity threats by working with federal, state, and local governments as well as organizations like hospitals and schools.
Before it can progress toward becoming a law, this legislation will be conferenced with the version previously passed by the House of Representatives.
“As cyber threats to the United States continue to evolve, it is critical we remain ready to respond to any attack at the state and local level as well. Designating one point of contact in each state to respond to cybersecurity breaches will help us mobilize our defenses and keep Americans safe in a crisis faster than ever before.”
– U.S. Senator John Cornyn (R-TX)