Facebook and Beyond: Six Lessons From Recent Cybersecurity Breaches
By now, most have heard of Facebook’s recent security breach – a widespread data compromise that left over 30 million users exposed. Though initial estimates of the accounts affected were much higher, the information compromised was more substantial than originally reported. As one of the largest collectors of personally identifiable information in the world, Facebook’s breach is a sobering reminder that cyber threats are growing exponentially.
So what lessons can companies learn from Facebook and other cybersecurity breaches?
A Quick Look at The Breach
In late September, it was initially reported that basic personal information had been compromised on up to 50 million Facebook accounts. Later, this number was revised to 30 million users, but it was also revealed that significantly more information than was previously thought had been compromised.
- The last 15 search queries the user had made on the Facebook platform
- The last 10 locations the user had physically checked into
- The gender, religious affiliation, and other biographical details
- The telephone number and email addresses
- The platform and devices used
Only about 15 million out of the 30 million had a significant amount of their privacy breached, and neither credit card information nor password information was compromised. Nevertheless, news of the breach was not welcomed by many, and the consequences may be ongoing. About 90 million users were forced to log out to reset their profiles, and it remains to be seen what cybercriminals will do with the information they accessed.
Lessons From Facebook’s Cyber Breach
Though Facebook may be one of the biggest enterprises on the planet, in some ways it has more leeway than other companies when it comes to cybersecurity breaches – after all, there aren’t many direct competitors to Facebook. Other organizations need to be stricter with their security, because in the event of a breach their customers or users can simply move to a competing provider. With that in mind, there’s a lot for any organization to learn from Facebook’s cybersecurity missteps.
Here are six of the most important lessons:
1. Attackers will always find a way in, regardless of the size of your company.
While larger companies may present a larger attack surface for criminals, companies of all sizes must operate on the assumption that attackers will seek them out and will find a way in. Facebook’s platform, for example, is so mired in complexity that it’s become cumbersome for the company to manage. But even smaller organizations with simpler infrastructures need to continually improve cybersecurity and invest in network monitoring solutions to quickly identify advanced threats operating on your network.
2. The more robust a piece of software is, the more testing it requires.
In the case of Facebook’s breach, cybercriminals were able to use an API feature that had been intentionally added in order to access user tokens. These types of oversights are not uncommon in complex, robust platforms. Software companies need to invest more in Quality Assurance testing and bug bounties, as it often isn’t possible for a company itself to find these security issues. Software developers could also benefit from adopting new techniques and strategies for ensuring the security of their software, such as competing in hacking competitions. According to Lastline’s CTO, Dr. Giovanni Vigna:
“When developing software, it’s critically important to think beyond just getting the software to accomplish the task at hand effectively. One good, and fun, technique for teaching how to develop secure software is hacking competitions. Teams compete in a secure environment with the objective of hacking into other teams’ systems while at the same time protecting your team from attack. The best way to protect yourself, and your software, from the bad guys is to learn how to think like a bad guy.”
3. Cybercriminals are more organized today.
Once a vulnerability such as Facebook’s is known, it quickly proliferates throughout the cybercriminal industry. Organized cybercriminals are able to extract large volumes of information quickly, taking advantage of these vulnerabilities as they arise. It is still unknown what will be done with the information stolen from Facebook, but it’s likely that the information will be traded on the darknet for some time to come.
4. Once a breach has occurred, the data is out there.
There’s nothing Facebook can do about the phone numbers, email addresses, and demographic information that has been captured; all Facebook can do is wait and see how this information impacts its users long-term. Phone numbers and email addresses, in particular, are likely to be sold – if not for cybercrime, then for the purposes of spam emails and advertising.
5. A high-profile target will continue to be attacked.
This isn’t Facebook’s first data breach. It’s not even their first data breach this year, although the first compromise of personal information occurred due to business processes rather than a technical vulnerability. Once cybercriminals realize that a system’s data may be accessible, they will continue to break into that system – even if the first vulnerability has been addressed. Companies that have already experienced data breaches or data leakage must be especially vigilant of their security solutions moving forward.
6. Organizations can’t always control their data security.
Many businesses, as well as individuals, have information stored on platforms like Facebook. This information can be accessed if that platform is breached – and this information could later be used against the organization, for the purposes of social engineering or phishing. Consequently, it isn’t enough for you to lock down the data that you can control. Organizations also need to be able to detect suspicious network activity that could indicate that data stored elsewhere may have been compromised.
Cybercriminals are organized, capable, and persistent. Not only do they stand to gain significantly by breaching your system, but there are also virtually no consequences for failing to do so. If bad actors can compromise a major system such as Facebook, your own system is also at risk.
However, there are ways that your organization can protect itself. By adapting to new threats, continually reviewing your technology, and updating your systems, you can avoid long-standing issues that compromise your system such as the issue discovered in Facebook. Better technology and better training lead to a better response to threats.
Persistence involves three elements: people, process, and technology. If any of these elements becomes a weak link, the security system as a whole will falter. Attackers are persistent; businesses need to be, too.
The biggest takeaway from the Facebook breach is that your organization must be vigilant and adapt to new threats. Advanced cybersecurity solutions, such as AI-powered network traffic analytics, can monitor your network activity for suspicious events that precede a data breach, thereby reducing your organization’s overall risk.
Latest posts by Bert Rankin (see all)
- AI Done Right – Not all AI-powered Network Security is Created Equal - February 13, 2019
- IoТ Botnets: Predators of Those Innocent-looking Connected Devices - February 5, 2019
- Fast is Never Enough for Security Incident Response – It Needs to Get Smart - January 30, 2019