Leader of the Free World Shut Down by Disgruntled Employee at Twitter: Lessons Learned
By: Ali Gomulu
In late 2017, the account of one of the world’s most famous and active “tweeters”, US President Donald J. Trump, was shut down for eleven minutes when a departing worker deactivated it before leaving the company. The worker was in fact a contractor, not a full-time employee. Eleven minutes may not seem that important in the broader scheme of things, but the same individual, holding the same access, could just as easily have posted something from the account, a message aimed at another nation, for example, before shutting it down.
This event sent shock waves through social media and through the IT community. It was yet another wake-up call: ignoring best practices for privileged access can have very serious consequences.
After the incident, Twitter announced that it had launched an internal review and was putting additional safeguards and tooling in place so that privileged access to the platform is managed more closely.
If Twitter wants to keep growing, part of that is persuading the world that the platform is a safe and secure place for celebrities, politicians and ordinary users to share information. In this case, Twitter learned that its own workforce was the weakest link: an insider was motivated to do harm and succeeded because the policies and governance around identity and access management were not strong enough. The practical lesson is that a contractor on the way out the door should not retain the standing privilege to deactivate a high-profile account at all, let alone without a second set of eyes on the action.
Social media companies have long argued that mistakes are inevitable because their platforms are open. That may be true of mistakes made by individual end users, but those are very different from the harm inflicted by employees and contractors with unbridled access. Why? Because it is entirely possible to control which people and which roles have access to which networks, applications and administrative functions, to grant that access only for as long as it is needed, and to record every privileged action. That is exactly what privileged access management (PAM) is for, and it is why adoption of Ironsphere’s PAM solutions has been growing so rapidly.
President Trump wrote, a few hours after the attack, “My Twitter has been seriously hacked— and we are looking for the perpetrators.”
CISOs and their security teams should take this as a prompt to review their privileged account management practices: who holds privileged access, whether each grant is still needed, how quickly it is revoked when an employee or contractor leaves, and whether high-impact actions are logged and reviewed. Many organizations would also benefit from a comprehensive approach to credential management in general, not just for privileged accounts.
An integrated identity and access management (IAM) solution with a high-security vault for the credentials of the most important accounts adds protection across the whole environment: privileged credentials are checked out for a task rather than permanently known to individuals, they can be rotated, and they can be adjusted or revoked as users’ roles change over time, including the moment someone leaves the organization.
Lesson learned: privileged account management and access control systems protect assets, systems and reputations.