says David Kennedy, CEO of incident response firm TrustedSec, who previously worked at the National Security Agency and with the US Marine Corps Signals Intelligence Unit. “There is a lot of work to be done to stabilize and secure the platform, and there is definitely a high risk from a malicious insider perspective because of all the changes that are happening. Over time, the likelihood of an accident decreases, but the security risks and technology debt remain.”
A Twitter breach could expose the company or its users in myriad ways. Of particular concern is an incident that endangers activist users, dissidents or journalists under a repressive regime. With over 230 million users, a Twitter hack would also have potentially far-reaching consequences for identity theft, harassment, and other harms to users around the world. And from a government intelligence perspective, the data has already proven valuable enough over the years to motivate government spies to infiltrate the company, a threat Zatko said Twitter was ill-prepared to take on.
The company was already under scrutiny by the US Federal Trade Commission for past practices, and on Thursday, seven Democratic senators called on the FTC to investigate whether Twitter’s “reported changes to internal reviews and data security practices” violated the terms of the 2011 settlement between Twitter and the FTC over previous data mishandling.
In the event of a breach, the details will, of course, dictate the consequences for users, Twitter, and Musk. But the outspoken billionaire may want to note that at the end of October, the Federal Trade Commission (FTC) issued an order against online delivery service Drizly, along with personal penalties against its CEO, James Cory Rellas, after the company disclosed the data of nearly 2.5 million users. The order requires the company to adopt stricter policies on deleting information and to collect and retain less data, and it requires Rellas to do the same at any future company he works for.
Speaking broadly about the current landscape of digital security threats at the Aspen Cyber Summit in New York City on Wednesday, Rob Silvers, Under Secretary for Policy at the Department of Homeland Security, urged companies and other organizations to be vigilant. “I wouldn’t be too complacent. We see enough successful break-ins and hacks every day that we don’t let our guard down one bit,” he said. “Defense is important, flexibility is important on the field.”
Dan Tentler, founder of the attack simulation and remediation company Phobos Group, who worked on Twitter security from 2011 to 2012, points out that while the current chaos and understaffing within the company create urgent potential risks, they can also present challenges for attackers, who may have difficulty at this moment identifying which employees in the organization are likely to have strategic access or control and are therefore worth targeting. He adds, however, that the stakes are high because of Twitter’s worldwide reach.
“If there are insiders inside Twitter or someone hacks Twitter, there probably isn’t much standing in their way of doing what they want — you have an environment where there may not be many advocates left,” he says.