What does the chaos on Twitter tell us about the security of our data?

These past few weeks have been busy for Twitter: mass layoffs, the hasty announcement that paid verification would return (a feature that was promptly used to impersonate people and brands), and the unintentional lockout of some users who had enabled a particular multi-factor authentication (MFA) configuration.

On top of that, there have been significant layoffs of key people in the Information Security, Privacy and Compliance groups. And the situation changes every day.


At first glance, this might seem to affect individuals more than businesses, but the whole episode shows how quickly the perception of a company can change overnight, and it raises questions about how stable the security posture of our providers really is. So what can we learn from everything happening at Twitter?

First, we must recognize that while the Twitter acquisition was anticipated for a long time, most of these changes were not announced in advance. In other words, the security and privacy posture of a company that hosts our data can change overnight, and that directly changes our own cybersecurity risk profile.

Is your company prepared for this? How much of your company's security depends on the native controls built into your application vendor's technology? How quickly could you apply your own cloud security controls if your application or cloud service provider changed?

When issues like these arise at any technology vendor that holds organizational data, teams will ask questions and will want to see risk plans such as:

Under the shared responsibility model, companies must maintain a map of which controls are theirs and which belong to the provider, and that map must be reviewed whenever a supplier undergoes a major change, so that any shift in risk is anticipated rather than discovered. Processes must be well defined, documented and continuously monitored, so the company can get ahead of problems instead of reacting to them.

Second, it underscores the ongoing risk to an enterprise whose employees store and exchange sensitive data across a myriad of SaaS applications, most of which are not even under the control of their own IT teams. Allowing the use of a trusted (but unmanaged) SaaS application is not necessarily as risky as using an unreliable file transfer service with a poor privacy policy. But it is crucial to remember that spreading data far and wide only increases the chance that one of those services will expose it.

This is why so many companies choose to implement a zero trust access policy, limiting both the amount and the type of data exposed to those services.

We must also consider the possibility that one or more employees could sabotage the service, leak sensitive data, or simply make a mistake because they are stressed and overworked. How would a (potentially large-scale) insider threat at one of your cloud or application vendors affect your business if similar issues occurred there?

As with any cybersecurity strategy, it is critical to weigh risk against business benefit. As companies continue to consume cloud services at an increasing rate, perhaps the turmoil at Twitter will raise board-level awareness of this type of risk. It may also help those of us working in infrastructure and security justify our programs and the continued investment in cloud security controls and zero trust security frameworks.

The post "What does the chaos on Twitter tell us about the security of our data?" first appeared on Olhar Digital.

Source: Olhar Digital
