Let This Be A Lesson – Taking Action From Twitter’s Whistleblower News
Do we need more real-time examples that good cybersecurity practices take time to put in place and continuous effort to maintain? Enter Twitter… again.
Last week, the press reported that the former head of security for Twitter, Peiter “Mudge” Zatko, filed a whistleblower complaint with the SEC, FTC, and the Justice Department, alleging widespread security mismanagement at the company.
Mr. Zatko, a well-known security researcher and former ethical hacker, had been brought in to help Twitter clean up its security posture after several public security breaches. The SEC and possibly the FTC will likely investigate. The Senate Judiciary Committee has announced it will investigate and has scheduled a hearing on September 13th, where Mr. Zatko will testify.
That’s a lot of investigations and tax dollars at work.
This is yet another instance of cyber weaknesses that put Americans’ data and privacy at risk. The U.S. Congress has been working on a comprehensive federal privacy law for several years. Several states already have their own privacy laws, and more are working on theirs.
If you are a company, specifically a publicly traded company, it is in your interest to make sure you have your cybersecurity ducks in a row. When regulators, third-party vendors, potential partners, or even customers start asking questions about your cyber posture, you want to be in a good position to answer them. At that moment, you’re likely months away from an adequate answer, let alone a good answer.
Get started now, when no one is asking you for it. Don’t wait until you’re on the hook for it, because if adequate won’t suffice, you don’t want to think about how bad will do.