On July 15, an unprecedented Twitter cyber security breach affected the accounts of Elon Musk, Barack Obama, Joe Biden, Jeff Bezos, Bill Gates, Apple, Uber, and 123 other well-known brands and individuals, which were used to promote a bitcoin scam.
Twitter determined that several employee accounts were compromised after the employees were tricked into providing their credentials in a coordinated attack. However, Vice reports that a Twitter insider assisted the perpetrators in executing the hacks. Regardless, it seems the hack would not have been successful without the insider access.
What is an insider threat?
An insider threat is a security risk that originates from within an organization. Insider threats intentionally or unintentionally misuse access to negatively affect the integrity, confidentiality, or availability of an organization’s critical information or systems. An insider threat can be a consultant, former employee, contractor, or business partner.
What can organizations do to protect themselves against insider threats?
The list below is not exhaustive, but it is a good start and significantly reduces the risk of being caught off guard.
- Be transparent about any insider threat programs or policies you may already have in place: Letting employees know that they exist will deter more internal risks than the program or policies themselves.
- Enforce strict data policies: Host regular security awareness training sessions to reinforce policies.
- Rigorously background screen new employees: Ensure potential new employees have not been found guilty of nefarious actions in the past.
- Immediately change the passwords used to access computers after employees leave: This prevents former employees from accessing any sensitive data.
- Confirm departing employees do not have company data on their personal devices.
- Inform vendors and third parties of relevant employee terminations: This will prevent fraudulent requests for sensitive data.
- Regularly review employee access controls: Revoke permissions if employees do not need access to an account or program. See our blog for more information on the Principle of Least Privilege.
- Educate employees on best password practices: Encourage strong passwords, refrain from using shared credentials, and make regular password changes mandatory.
- Develop plans for insider threat scenarios: Preparedness is key to quickly responding to an insider threat incident. See our blog post on IR plans for more information.
Update: Late on 30 June, Twitter reported that the attack was the result of spear phishing, with hackers compromising employees’ credentials to gain access to internal process documentation, which then led them to further staff members with access to account support tools.