This is a classic case of why information security awareness is needed and should be taken seriously by senior leadership. It should not be viewed as something to meet the checkbox compliance we see so often today. What will it take for those in charge to wake up to some simple facts.
Security awareness will not cure all information security ills but it is a necessary component in the protection of our information resources.
If Twitter needed any more evidence that it has a serious security problem, this should do it: Stocks plunged sharply on Tuesday after a hacker accessed a newswire's account and tweeted about a false White House emergency.
And there it is: After years of hacks that typically involved little more than obscene language, Twitter's subpar security measures have now caused serious real-world consequences.
Many hacks happen when account owners use guessable passwords or access Twitter over public Wi-Fi and shared computers. If one person who tweets from a corporate account loses his or her phone, an entire corporation's Twitter account could be at risk.
The AP incident appears to be an example of social engineering. The news service posted a story Tuesday afternoon explaining that attackers gained access to the account after launching phishing attempts. When phishing, attackers pose as legitimate companies, such as Twitter, in an attempt for account holders to give up their passwords.
Tuesday, April 23, 2013
Subscribe to:
Comments (Atom)