A whistleblower complaint against Twitter filed this summer by the microblogging and social networking platform’s former head of security, Peiter Zatko, alleges substantial and systemic security failings at the company. With over 238 million daily users, including government agencies, Twitter is responsible for protecting the personal information of some of the world’s most influential public figures. It has failed, the complaint alleges.
According to a redacted copy of the complaint, filed with the Securities and Exchange Commission, the Department of Justice, and the Federal Trade Commission, Twitter was wildly cavalier in applying the terms of an earlier settlement with the FTC. Among the allegations included in the complaint are specific flaws in the platform’s software, as well as broader shortcomings in Twitter’s cybersecurity posture. Those include:
- Executives obfuscated the number and extent of cybersecurity incidents on the platform when briefing both the board of directors and external regulators.
- Thousands of employees (up to half the workforce) had poorly tracked root access to core software and user data.
- Servers lacked basic security controls, were out-of-date, and relied on vulnerable software.
- Increasing the number of platform users was prioritized above all else.
Twitter denies the allegations and has suggested that security practices have been bolstered significantly since Mr. Zatko’s time with the company. An investigation is ongoing. While the complaint centers on one specific and very large public company, it offers a roadmap to any business or government agency constructing its own cybersecurity plan – how to prevent, discover, isolate, disclose, and recover from a cybersecurity incident.
Best Practices for Enhanced Cybersecurity
A comprehensive disaster recovery plan helps organizations tackle a potential disaster head-on, but developing and maintaining such a plan benefits a company year-round – not just in times of crisis. Deploying internal controls and procedures to protect user data, update and maintain software and systems, and inhibit insider threats leaves organizations better positioned for operational success.
Avoid the cybersecurity and reputational risks plaguing Twitter. Turn to GovDataHosting for a well-thought-out business continuity and disaster recovery plan, aided by our leading cloud technology specialists for high impact systems and data. Let’s talk about your current cybersecurity posture, and then put together a plan to take it to the next level.