Lessons learned from the Facebook breach: The Chain Reaction of Cybersecurity Hacks
By Alex Vaystikh, Co-founder, SecBI
Facebook recently suffered one of the largest breaches in its history. Needless to say, if a breach of this magnitude can happen to Facebook, every enterprise or organization is vulnerable. Facebook is known to have invested more in cybersecurity than most other companies, yet it was still hacked. This may explain its recent search to acquire a cybersecurity company.
Other significant successful cyberattacks were recently announced as well, such as the one against Apollo, a sales engagement startup and data hoarder holding 200 million contact details. All these recent events lead me to wonder about the security of our privacy. Our privacy is a collection of puzzle pieces: pieces we believe we share selectively, and pieces that others have shared with us. When one of us is breached by a cyberattack, we don’t just lose pieces of ourselves, but also the pieces that have been entrusted to us.
Domino Formation in Facebook Cyberattacks
Like falling dominoes, a security breach is a chain reaction. To illustrate this point, consider the following cyberattack scenario. Imagine Alice and Bob are two users on Facebook:
- Alice changes her toothbrush every 3 months, and every time she does, she changes her password too. Alice also uses two-factor authentication. She is smart enough not to use SMS for it; instead she uses an authenticator app on her secure phone. She is consistent in her security measures and cares strongly about her privacy.
- Bob cares about his privacy too, but he is less active in changing his passwords and other security measures.
- Alice and Bob are both work colleagues and Facebook friends.
- At work they collaborate often, sharing sensitive corporate data.
- On Facebook they share stories and pictures of their families and plans.
- Bob’s Facebook account gets hacked via malware that takes control of it and spreads to everyone connected to his account.
- Bob reuses his password across several sites. One of those sites gets hacked, and the hacker successfully uses the leaked password to access Bob’s Facebook account.
- The Facebook hacker now has access to everything Bob posted.
- Unfortunately, Bob is not the only victim! The hacker has access to everything Alice ever entrusted Bob with by sharing it with him.
- The victims: Bob, Alice, and all of Bob’s other friends! It’s a chain reaction!
As you can see, hacking becomes viral: it travels the same path of “shared with friends”, and the same kill chain continues to travel among corporate colleagues.
- The hacker manages to access Bob’s corporate computer. Bob is not a high-level employee, yet he has access to a lot of important data.
- All that data, everything that everybody entrusted Bob with, the private projects of his colleagues, their finances, benefits and track records, all those puzzle pieces that Bob had access to are now gone, due to an initial breach that went undetected.
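To make the chain reaction concrete, here is an added illustration in Python that is not code from the article or from SecBI. It models each person's accounts, the data items each account can see (their own posts plus whatever friends and colleagues shared with them), and the lateral step the scenario describes from Bob's Facebook account to his corporate machine. All names, data items and links are constructed for the example; the interesting output is how many people become victims of a single compromised account, and how much smaller the blast radius is when the personal-to-corporate pivot is blocked.

```python
"""Blast-radius model for the Alice/Bob chain-reaction scenario (constructed example)."""
from collections import deque

# Constructed data. An account is (person, service); a data item is (owner, description).
# VISIBLE_TO maps an account to every item that account can read: the owner's own
# posts plus everything friends or colleagues shared with it.
VISIBLE_TO = {
    ("alice", "facebook"): {("alice", "family photos"), ("alice", "holiday plans"),
                            ("bob", "family photos")},
    ("bob", "facebook"): {("bob", "family photos"), ("alice", "family photos"),
                          ("alice", "holiday plans"), ("carol", "wedding photos")},
    ("carol", "facebook"): {("carol", "wedding photos"), ("bob", "family photos")},
    ("alice", "corporate"): {("alice", "project roadmap"), ("bob", "q3 budget")},
    ("bob", "corporate"): {("bob", "q3 budget"), ("alice", "project roadmap"),
                           ("dave", "benefits file")},
    ("dave", "corporate"): {("dave", "benefits file")},
}

# Assumed lateral-movement links: compromising the key account lets the attacker
# reach the listed accounts. This encodes the article's step from Bob's Facebook
# account (malware on his phone/PC) to his corporate computer.
PIVOTS = {
    ("bob", "facebook"): {("bob", "corporate")},
}


def exposure(initial, visible_to=VISIBLE_TO, pivots=PIVOTS):
    """Breadth-first walk from one compromised account over the pivot links.

    Returns (compromised_accounts, exposed_items): every account the attacker
    reaches and every data item readable from those accounts.
    """
    compromised = {initial}
    queue = deque([initial])
    exposed = set()
    while queue:
        account = queue.popleft()
        exposed |= visible_to.get(account, set())
        for nxt in pivots.get(account, ()):
            if nxt not in compromised:
                compromised.add(nxt)
                queue.append(nxt)
    return compromised, exposed


def victims(exposed_items):
    """People whose data appears in the exposed set, whether or not they were hacked."""
    return {owner for owner, _ in exposed_items}


def blast_radius(initial, pivots=PIVOTS):
    """Summary used for comparing scenarios: accounts hit, items lost, people affected."""
    accounts, items = exposure(initial, pivots=pivots)
    return {
        "accounts": len(accounts),
        "items": len(items),
        "victims": sorted(victims(items)),
    }


if __name__ == "__main__":
    start = ("bob", "facebook")
    print("Bob's Facebook account compromised, pivot to corporate allowed:")
    print("  ", blast_radius(start))
    print("Same start, personal/corporate pivot blocked:")
    print("  ", blast_radius(start, pivots={}))
    print("Alice's Facebook account compromised (no pivot links from it):")
    print("  ", blast_radius(("alice", "facebook")))
```

With the pivot in place, one weak password on Bob's side exposes data belonging to four people across two environments; removing the pivot (separating personal devices from corporate access) cuts the loss to the Facebook circle only. The model is deliberately simple, but the same reachability walk is what an investigation does when it asks "what else could this account see?" after a compromise is detected.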
Assembling the Puzzle
With every breach, we lose more pieces of our private data and of the data belonging to our friends and colleagues. Cyberattacks targeting enterprises increasingly exploit these connections, producing a chain reaction of malware that damages our lives and the ecosystems of personal and corporate contacts around us, with critical data lost at every step.
Cybersecurity is a growing problem not necessarily because attacks occur or are attempted more often, but because we share more and interconnect our work and private lives. It would be a great loss if we had to separate all these parts of ourselves. Instead, we, and the enterprises where we work, should take every available measure, including automated detection and investigation, to secure our networks, so that we neither lose pieces of ourselves nor cause damage to the friends and colleagues who have put their trust in us.