October is National Cybersecurity Awareness Month! Make sure you keep your security analytics solutions up-to-date! Give your enterprise with the detection capabilities vital to its digital safety!
Another week, another major hack on an enterprise.
Facebook, the social media giant, discovered a data breach late last week affecting around 50 million users. Facebook discovered three malware strains had penetrated their unique “View As” capability; this tool was supposed to allow users to find out what information was publically available. The hackers, who have not yet been identified, used it to steal untold amounts of data.
What data exactly was stolen in the Facebook data breach—and whether it has been used for malicious purposes—has not been determined. Compounding the crisis, 40 million additional Facebook accounts, raising the total affected to 90 million.
Facebook CEO Mark Zuckerberg said in a statement: “I’m glad that we that we found this and that we were able to fix the vulnerability and secure accounts. But it definitely is an issue that this happened in the first place.”
“And I think this underscores the attacks that our community and our service face, and the need to keep on investing heavily in security and being more proactive about protecting our community. And we’re certainly committed to doing that.”
But simply hearing about the Facebook data breach does not help enterprises grow and adapt their threat detection strategies. Instead, enterprises need to ask themselves what they can learn from the Facebook data breach and act on those lessons.
Here are a few of our suggestions:
Cybersecurity is the Opposite of Carelessness
Facebook has long been famous for its “move fast and break things” philosophy—prioritizing fast innovations even at the cost of coding errors. 2018 revealed the inherent flaws in this motto. Both the Facebook data breach and the Cambridge Analytica scandal show that being careless with network security or data privacy creates damage in the long-term.
Facebook has been trying to move away from their prioritizing of speed over stability. Your enterprise should do the same. Your digital products and services should be carefully monitored and subject to threat detection on a regular basis to find potential security flaws before they become larger issues.
Investing in Cybersecurity Is Only Part of the Equation
It would be easy to dismiss the Facebook data breach as simply another enterprise failing to understand the seriousness of digital threats. However, such a dismissal would be inaccurate. Zuckerberg previously promised to increase their security staff and spend more on artificial intelligence; they also appear to be fulfilling this promise.
However, the Facebook data breach proves cybersecurity is more than investment. Facebook still lacks a chief security officer who could have directed their internal security resources. Your enterprise should have a CIO or CISO in charge of your cybersecurity direction. Furthermore, Facebook also demonstrates how cybersecurity can often fall prey to the classic warfare mistake of “preparing for the last war.”
Legacy network security solutions and legacy SIEM solutions are often designed to combat previously seen threats, leaving enterprises vulnerable to hackers’ innovative attacks. They are constantly preparing to fight against threats, malware, and other threats from the past while hackers are constantly innovating their tools. Next-generation SIEM solutions are better prepared to combat upcoming threats as well as older malware. Replacing your legacy solution might be in your best interest.
Synthesizing these points, Facebook has largely been committed to combating the security issue of fake news. While this is essential, it also demonstrates fighting the previous war—a direction that might have contributed to their current compromise. A CIO might have been able to mitigate these problems by providing a stronger direction for the future. Your enterprise might want to keep this lesson in mind.
Dwell Time Still Counts Significantly
The malware strains responsible for the Facebook data breach first penetrated its network in July of last year. Yet evidence of the bugs was only discovered on September 16 of this year.
The long dwell time most likely contributed to the damage Facebook discovered; more dwell time means more stolen information. Your enterprise should work to curtail dwell time by conducting regular threat hunting expeditions into your network, improving the security event correlation capabilities of your SIEM solution, and reducing false alarms.
Every Hack Affects Everyone Else
There is a concept in immunology called “herd immunity.” It refers to the indirect protection from infectious diseases generated by a large population immune to said infections. Individuals who aren’t immune benefit from the immunity of others.
Cybersecurity does not have herd immunity, and because of that an infection/hack can actually damage more than the enterprise. While no third-party entities have been confirmed as affected as of yet, the Facebook data breach could result in breaches at other breaches as reused passwords or exploited social sign-on become weaponized.
Every hack can result in more hacks. Ensure your enterprise uses distinct passwords not used elsewhere to avoid being caught up in the wave of hacks. Consider securing your employee’s credentials as a social service as much as a self=perserving act.
Latest posts by Ben Canner (see all)
- Top Five SIEM Books for Cybersecurity Professionals - September 17, 2020
- The Staples Data Breach: Why “Low Impact” Breaches Still Cause Serious Damage - September 15, 2020
- Recent SIEM Statisitics for Cybersecurity Professionals: Q3 2020 - September 11, 2020