Security Awareness Training Isn’t Exciting – But You Don’t Want the Kind of Excitement That Twitter Just Experienced Because of a Phished Password.
When we first heard about the Twitter hack, questions and speculation started flying around the cybersecurity world. Was it state-sponsored attackers? Political groups? A gang of professional cybercriminals? Considering the size and scope of the hack and the high profile of the targets, not to mention the security expectations for a company like Twitter, experts immediately assumed that the hack was highly organized and technologically advanced. But they were wrong – one phished password was to blame. The mastermind behind the Twitter breach was a 17-year-old kid who successfully phished a privileged employee password.
How Did the Humble Password Cause Havoc at Twitter?
The process that this hacker used to get his hands on a useful employee password for Twitter was laughably simple – phishing. Specifically, spear phishing. In a recent update on the incident, Twitter noted that the hacker(s) gained access to an account management dashboard by using social engineering and spear phishing (including attacks on smartphones) to obtain credentials from Twitter employees that allowed them to access internal systems.
How Can You Prevent This from Happening to You?
Security awareness training, including phishing resistance and credential handling, isn’t very glamorous. But cybersecurity risk involving user error is not something that can be solved without it. People can and will make mistakes, and as long as users are accessing systems and data, they need to be trained in security awareness and risk management to avoid potentially devastating (and embarrassing) incidents like this one.
A Successful Phishing Attack Led Directly to This Breach. Improve Your Staff’s Phishing Resistance.
Training your employees to resist today’s #1 security threat, phishing attacks, is the biggest long-term improvement in security that you can make. Over 90% of attacks that end in a data breach start with phishing, and a huge increase in phishing attacks means that your staff is putting your business at risk with every email (or company SMS text or instant message) that they handle. Not to mention, phishing is the most common delivery system for ransomware. Just like Twitter, your company is 1 click away from a cybersecurity disaster.
BullPhish ID quickly increases employee phishing resistance, creating awareness of unexpected phishing threats, including COVID-19 threats. Perfect for in-office or remote training, easy management tools enable set-it-and-forget-it training for customizable groups of users. Our constantly updated plug-and-play training content includes over 80 complete phishing resistance training kits and 50 security video campaigns – with 27 videos available in 8 languages.
Take a look at how our cost-effective, up-to-date phishing resistance training quickly reduces your risk of ransomware or compromise through email.
Even Twitter Needs to Improve Security Awareness Training. Shouldn’t You Do That Too?
Increasing security awareness with improved phishing resistance training and password safety tools sounds like the kind of routine maintenance that can be put off “until things slow down”, but it can’t. 2020 is on track to be a record year for data breaches, and you don’t want to be part of that record. As this incident at Twitter illustrates, adherence to basic security protocols can save companies from cybercrime – and that’s a threat every company is facing every day.