David Kennedy, CEO of incident response firm TrustedSec, who previously worked at the NSA and US Marines, said: “Twitter seems to have neglected security for a very long time, and With all the changes, there is bound to be a risk.” signal intelligence unit. “There is still a lot of work to be done to stabilize and secure the platform, and there is certainly an increased risk from a malicious insider perspective due to all the changes that occur. As time goes on, the probability of an incident decreases, but the security risks and technology debt are still there.”
A Twitter breach can expose a company or its users in a myriad of ways. Of particular concern would be an incident that endangers users who are activists, dissidents or journalists under repressive regimes. With more than 230 million users, a Twitter breach would also have potentially far-reaching consequences for identity theft, harassment, and other harm to users around the world. And from a government intelligence perspective, the data has proven valuable enough over the years to boost the government spy infiltrate companya threat the whistleblower Zatko said Twitter was not prepared to fight.
The company has come under scrutiny by the US Federal Trade Commission for its past activities, and on Thursday, seven Democratic senators call for FTC to investigate whether “reported changes to internal assessments and data privacy practices” at Twitter violate the terms of a 2011 settlement agreement between Twitter and the FTC regarding mishandling past data or not.
If a breach occurs, of course, the details will dictate the consequences for users, Twitter, and Musk. But the outspoken billionaire may want to note that, at the end of October, the FTC command against online delivery service Drizly along with personal sanctions against its CEO, James Cory Rellas, after the company disclosed the data of about 2.5 million users. The order requires the company to have stricter policies regarding information deletion and minimizes data collection and retention, and requires the same for Cory Rellas at any future companies that he works.
Speaking broadly on the current digital security threat landscape at the Aspen Cyber Summit in New York City on Wednesday, Rob Silvers, Department of Homeland Security’s deputy secretary for policy, urged companies and other organizations to be vigilant. “I wouldn’t be too complacent. We see enough targeted intrusions and successful hacks every day that we can’t let our guard down even a little bit,” he said. “Defense matters, resilience matters in this space.”
Dan Tentler, founder of attack simulation and remediation company Phobos Group, who worked in Twitter security from 2011 to 2012, points out that despite the current turmoil and state of affairs The lack of personnel in the company creates urgent potential risks, but it can also pose challenges for attackers. Difficulty in this moment is mapping the organization to target employees who are likely to have strategic access or control within the company. However, he added that the high risk is due to Twitter’s size and reach worldwide.
“If there are still people on Twitter or someone is violating Twitter, there probably isn’t much stopping them from doing whatever they want—you have an environment where there may not be as many defenders left,” he said. .
