Modern Threat Protection: Lessons Learned from the Facebook Data Breach

November 29, 2018   //   Security

We live in a world where security incidents dominate headlines. The recent Facebook security breach, which exposed the accounts of 50 million users, is yet another example of how even the most high-profile companies are letting breaches slip through the cracks.

As the threat of cyber-crime has risen in the media, many midsize organizations are asking themselves, “If the Facebooks of the world are getting breached, what is a company with limited security resources like mine supposed to do?”

What We Can Learn from The Facebook Breach

With the rise of social media, cybercriminals have access to users’ personal information, making it easier than ever to impersonate co-workers, family members, and acquaintances through a phishing email, or dig up answers to security questions that only a user should know.

To combat these modern threats, companies are resolving to rely entirely on the built-in security features that their cloud-based applications can provide. They assume that their third-party SaaS providers are doing all the right things, leading to an “out of sight, out of mind” mentality. Of course, we now know that this can be a very dangerous attitude to have.

As we’ve seen with the recent Facebook breach, integrations between SaaS platforms can lead to your systems becoming compromised. We’ve seen it happen with the integrations between Facebook and Instagram, but the same could happen with integrations between systems that you’re currently using to run your business, such as Salesforce and MailChimp or Trello and Zapier.

Simply put, placing workloads in the cloud doesn’t mean you’re off the hook to manage security internally. Essentially, the cloud doesn’t eliminate your security responsibility – it changes it.

Modern Threat Protection

While third-party SaaS providers can reduce the overall security scope, modern threat protection still requires businesses to provide focused protection for each user’s identity, data, and assets. Here are some of the key considerations that every organization should make to protect their business from today’s threats:

  • Carefully consider identity management for access to systems with sensitive data.
  • Carefully consider where personal data is stored.
  • Create a due diligence process when evaluating SaaS partners to understand if their security posture aligns with your expectations.
  • Make sure you have a system that monitors and alerts on suspicious behavior, and supporting procedures to respond appropriately to incidents.

If you don’t have the in-house expertise to implement the above, consider partnering with someone that has the security expertise to keep up with evolving threats and assist with evaluating and integrating new SaaS partners into your organization.