Key Takeaways from the (Most Recent) Facebook Data Breach

October is National Cybersecurity Awareness Month! Make sure you keep your security analytics solutions up-to-date! Give your enterprise the detection capabilities vital to its digital safety!

Another week, another major hack on an enterprise.

Facebook, the social media giant, discovered a data breach late last week affecting around 50 million users. Facebook discovered three malware strains had penetrated their unique “View As” capability; this tool was supposed to allow users to find out what information was publicly available. The hackers, who have not yet been identified, used it to steal untold amounts of data.

What data exactly was stolen in the Facebook data breach—and whether it has been used for malicious purposes—has not been determined. Compounding the crisis, 40 million additional Facebook accounts were affected, raising the total affected to 90 million.

Facebook CEO Mark Zuckerberg said in a statement: “I’m glad that we found this and that we were able to fix the vulnerability and secure accounts. But it definitely is an issue that this happened in the first place.”

“And I think this underscores the attacks that our community and our service face, and the need to keep on investing heavily in security and being more proactive about protecting our community. And we’re certainly committed to doing that.”

But simply hearing about the Facebook data breach does not help enterprises grow and adapt their threat detection strategies. Instead, enterprises need to ask themselves what they can learn from the Facebook data breach and act on those lessons.

Here are a few of our suggestions:

Cybersecurity is the Opposite of Carelessness

Facebook has long been famous for its “move fast and break things” philosophy—prioritizing fast innovations even at the cost of coding errors. 2018 revealed the inherent flaws in this motto. Both the Facebook data breach and the Cambridge Analytica scandal show that being careless with network security or data privacy creates damage in the long term.

Facebook has been trying to move away from their prioritizing of speed over stability. Your enterprise should do the same. Your digital products and services should be carefully monitored and subject to threat detection on a regular basis to find potential security flaws before they become larger issues.   

Investing in Cybersecurity Is Only Part of the Equation

It would be easy to dismiss the Facebook data breach as simply another enterprise failing to understand the seriousness of digital threats. However, such a dismissal would be inaccurate. Zuckerberg previously promised to increase their security staff and spend more on artificial intelligence; they also appear to be fulfilling this promise.

However, the Facebook data breach proves cybersecurity is more than investment. Facebook still lacks a chief security officer who could have directed their internal security resources. Your enterprise should have a CIO or CISO in charge of your cybersecurity direction. Furthermore, Facebook also demonstrates how cybersecurity can often fall prey to the classic warfare mistake of “preparing for the last war.”

Legacy network security solutions and legacy SIEM solutions are often designed to combat previously seen threats, leaving enterprises vulnerable to hackers’ innovative attacks. They are constantly preparing to fight against malware and other threats from the past while hackers are constantly innovating their tools. Next-generation SIEM solutions are better prepared to combat upcoming threats as well as older malware. Replacing your legacy solution might be in your best interest.

Synthesizing these points, Facebook has largely been committed to combating the security issue of fake news. While this is essential, it also demonstrates fighting the previous war—a direction that might have contributed to their current compromise. A CIO might have been able to mitigate these problems by providing a stronger direction for the future. Your enterprise might want to keep this lesson in mind.    

Dwell Time Still Counts Significantly

The malware strains responsible for the Facebook data breach first penetrated its network in July of last year. Yet evidence of the bugs was only discovered on September 16 of this year.

The long dwell time most likely contributed to the damage Facebook discovered; more dwell time means more stolen information. Your enterprise should work to curtail dwell time by conducting regular threat hunting expeditions into your network, improving the security event correlation capabilities of your SIEM solution, and reducing false alarms.

Every Hack Affects Everyone Else

There is a concept in immunology called “herd immunity.” It refers to the indirect protection from infectious diseases generated by a large population immune to said infections. Individuals who aren’t immune benefit from the immunity of others.

Cybersecurity does not have herd immunity, and because of that an infection or hack can actually damage more than the enterprise. While no third-party entities have been confirmed as affected as of yet, the Facebook data breach could result in breaches at other enterprises as reused passwords or exploited social sign-on become weaponized.

Every hack can result in more hacks. Ensure your enterprise uses distinct passwords not used elsewhere to avoid being caught up in the wave of hacks. Consider securing your employees’ credentials as a social service as much as a self-preserving act.

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.