Monday, May 17, 2021


What Executive Leaders Must Take from the Twitter Hack

Last Wednesday, Twitter suffered the worst security incident in its history. The incident shows leaders that they cannot depend on social media platforms for comprehensive account security. They need dedicated tools that offer extra protection.

On July 15, a coordinated attack saw hackers gain access to some of the biggest accounts on Twitter, including those belonging to Jeff Bezos, Elon Musk and Joe Biden. From these high-profile accounts, the hackers tweeted a URL containing a Bitcoin-related scam. The scam earned the attackers $120,000 within two hours.

The key takeaway executive leaders need to learn from this attack is that, no matter how high profile you are, social media accounts are vulnerable – and always will be.

Why? Because of the human element. Though the details of the attack are still emerging, we do know that a Twitter employee was involved. Through an act of social engineering, the employee was tricked into doing something – probably either clicking a malicious link, or divulging information – that allowed the attackers to gain access to Twitter’s internal systems. It seems that the way into these systems may have been gaining access to Twitter’s Slack instance.

The fact that duping a single employee at Twitter is all it takes to gain access to some of the most high-profile accounts on earth is understandably worrying for executives. It’s tempting to think the smart thing is just to stay off the platform altogether. However, leading from fear isn’t a viable or responsible option. Executive leaders need to lead. They cannot neglect social media, which is a powerful communication channel.

The proper tools can protect executives from breaches like that suffered by Bezos, Musk and Biden. When executive protection is made a board-level issue, organizations can begin to systemically onboard software that offers leaders proper digital risk protection, and massively improves upon the security that Twitter, LinkedIn, Facebook, or even WhatsApp is able to provide.

The right security layers protect at the account level, securing executives across any device or network. In the case of an attack like the recent Twitter hack, changes in the Twitter admin panel wouldn’t be enough to compromise an account. Account-level protections would remain in place, providing a block on login changes or other sensitive behavior. In theory, an attacker could disconnect the security tool within Twitter, but this too would trigger an alert. A proper security tool would continue to scan for abnormal behavior of the kind that led to the spurious Bitcoin link being tweeted out.

However the attacker behaved, a more powerful security tool could quickly detect the hackers’ activity in the Twitter account, and alert the user. It could also offer a secondary line of defense, where any message containing a suspicious word, URL, or regular expression match, such as “bitcoin”, is quarantined and stopped from going live. This, in fact, is the action Twitter itself took, via a more basic filtering function. For high-profile individuals, proactive defense against suspicious messages or links should be the norm.
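A sketch of the quarantine step described above, as an added example that is not from this article or from any vendor's product. It holds an outbound post when it contains a flagged word, links to a host the account does not normally use, or matches a wallet-address pattern. The keyword list, the allowed hosts, the address patterns and the sample posts are all assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Every rule value here is an illustrative assumption, not taken from the article.
KEYWORDS = {"bitcoin", "btc"}
ALLOWED_HOSTS = {"example.com", "www.example.com"}  # hosts this account normally links to
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
PATTERNS = {
    "btc-legacy-address": re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b"),
    "btc-bech32-address": re.compile(r"\bbc1[ac-hj-np-z02-9]{11,71}\b"),
}

def link_host(url):
    """Host the link really points at ('' if the URL cannot be parsed)."""
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:  # e.g. an unterminated IPv6 literal
        return ""

def review_post(text):
    """Return ("publish" or "quarantine", reasons) for an outbound post."""
    reasons = []
    words = set(re.findall(r"[a-z0-9]+", text.lower()))
    reasons += [f"keyword:{kw}" for kw in sorted(KEYWORDS & words)]
    for url in URL_RE.findall(text):
        host = link_host(url)
        if host not in ALLOWED_HOSTS:
            reasons.append(f"url-host:{host or 'unparseable'}")
    for name, pattern in PATTERNS.items():
        if pattern.search(text):
            reasons.append(f"pattern:{name}")
    return ("quarantine" if reasons else "publish"), reasons

# Constructed sample posts; the wallet address and hosts are fake.
SAMPLE_OK = "Our Q3 results are live: https://www.example.com/investors"
SAMPLE_SCAM = ("Feeling generous! Send Bitcoin to "
               "bc1qxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx and I will double it "
               "https://promo.invalid/x")
SAMPLE_LOOKALIKE = "Read more at https://example.com@login.invalid/report"
SAMPLE_BROKEN = "Details: http://[::1"

if __name__ == "__main__":
    for post in (SAMPLE_OK, SAMPLE_SCAM, SAMPLE_LOOKALIKE, SAMPLE_BROKEN):
        print(review_post(post), "<-", post[:40])
```

The third sample shows why the check uses the parsed host rather than a substring match: the text before the `@` is user information, so the link actually goes to `login.invalid`.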

Executives need more protection than what platforms like Twitter can currently offer. This protection needs to be proactive, and exist at the level of the account, not the application or device. Such added security should provide the power to both detect anomalies and remediate issues.

Moreover, leaders need to extend this proper protection to their lieutenants and senior staff. Direct messages exchanged on cloud platforms can contain highly sensitive information, all the way up to budgets and company IP. These messages need to be safeguarded just as diligently as emails are safeguarded.

Incidents like the one Twitter is currently reeling from will continue to occur. Cybercriminals are relentless, and forever evolving their methods. Business leaders shouldn’t be caught in a reactive posture; they must lead from the front and protect the modern communication channels they need.

Commentary by Jim Zuffoletti.

Jim Zuffoletti
Jim Zuffoletti has been a founder of start-up organizations as both an entrepreneur and an intrapreneur for the past twenty-five years. Jim is CEO and co-founder of SafeGuard Cyber, a digital risk protection company securing brands, VIPs, and team members in the new world of social media and digital communications. Jim was previously CEO and President of OpenQ which enabled pharmaceutical, biotech, and medical device companies to discover, regulate, and leverage the social networks forged with outside influencers and researchers. Jim Zuffoletti is an opinion columnist for the CEOWORLD magazine.