Security Awareness Training Isn’t Exciting – But You Don’t Want the Twitter Hack Kind of Excitement
When we first heard about the 2020 Twitter hack, questions and speculation started flying around the cybersecurity world. Was it state-sponsored attackers? Political groups? A gang of professional cybercriminals? Considering the size and scope of the hack and the high profile of the targets, not to mention the security expectations for a company like Twitter, experts immediately assumed that the hack was highly-organized and technologically advanced. But they were wrong – one phished password was to blame. The mastermind behind the Twitter breach was a 17-year-old kid who successfully phished and caught a privileged employee password.
How Did the Humble Password Cause Havoc at Twitter?
The process that this hacker used to get his hands on a useful employee password for Twitter was laughably simple – phishing. Specifically, spear phishing. In a recent update on the incident, Twitter noted that the hacker/s gained access to an account management dashboard by using social engineering and spear-phishing (including attacks on smartphones) to obtain credentials from Twitter employees that allowed them to access internal systems.
How Can You Prevent This From Happening to You?
Security awareness training, including phishing resistance and credential handling, isn’t very glamorous, but it could have prevented the 2020 Twitter hack. People can and will make mistakes, and as long as users are accessing systems and data, they need to be trained in security awareness and risk management to avoid potentially devastating (and embarrassing) incidents like this one.
Training your employees to resist today’s #1 security threat, phishing attacks, is the biggest long-term improvement in security that you can make. Over 90% of attacks that end in a data breach start with phishing and a huge increase in phishing attacks means that your staff is putting your business at risk with every email ( or company sms text or instant message) that they handle. Not to mention, phishing is the most common delivery system for ransomware. Just like Twitter, your company is 1 click away from a cybersecurity disaster.
BullPhish ID quickly increases employee phishing resistance, creating awareness of unexpected phishing threats, including COVID-19 threats. Perfect for in-office or remote training, easy management tools enable set-it-and-forget-it training for customizable groups of users. Our constantly updated plug-and-play training content includes over 80 complete phishing resistance training kits and 50 security video campaigns – with 27 videos available in 8 languages. See BullPhish ID at work in a 10-minute demo video.
Does Your Staff Really Know Better Than to Share Their Passwords? Boost Password Security With Automated Protection.
Password security is an ongoing problem for every company. One compromised password was enough for these hackers to access sensitive systems at Twitter, allowing them to manipulate user accounts and see confidential data. Recycling and resuse raise risk – 48% of workers use the same passwords in both their personal and work accounts. Which is a big problem, because compromised passwords cause 81% of data breaches.
Passly helps solve your password security problem by providing additional security that blunts the impact of a compromised password with one simple but powerful tool: multifactor authentication (MFA). Your login system will ask every user for a code or authentication token delivered through an app, text message, or another method, every time they log in – and that’s something that the bad guys won’t have, denying them access to your systems and data. Watch a 10-minute demonstration of Passly now.
Even Twitter Needs to Improve Security Awareness Training. Shouldn’t You Do That Too?
Increasing security awareness with improved phishing resistance training and password safety tools sounds like the kind of routine maintenance that can be put off “until things slow down”, but it can’t. 2020 is on track to be a record year for data breaches, and you don’t want to be part of that record. As this incident at Twitter illustrates, adherence to basic security protocols can save companies from cybercrime – and that’s a threat every company is facing every day.