@TwitterSupport A Lesson In Incident Response Comms
If you are a user of the social media platform Twitter (it’s where the cool kids moved to when their parents joined Facebook, and what the younger kids avoid in favour of TikTok), you will have noticed that there was a bit of a breachy weachy that went on.
There are plenty of stories that are speculating on the how, what, why, who, where aspect of the story, and I’m not investigating this and will wait for actual details to become available.
Of course, whenever an organisation is breached, two things happen. First there is an outpouring of outrage as to how the victim organisation could be so stupid as to allow an attack to happen, which in quick succession is followed up with, “If only they’d bought my tool / hired my services / listened to my Defcon talk, they wouldn’t have been in this mess.”
@TheGrugq, @QuinnyPig and @TinkerSec all made good points in relation to this.
In fact, it’s worth checking out the tweet thread that @QuinnyPig laid out on the topic; he makes some very valid observations throughout.
Breaches can happen to anyone, and how you respond in the heat of the moment really showcases the organisation and its culture. In this respect, I think Twitter did a phenomenal job of acknowledging the issue and posting regular updates, from both Jack and the official TwitterSupport account.
I recommend checking out what TwitterSupport had to say. It’s worth dissecting the thread, not only as a good example of how to communicate with your users, but also because you can, to a degree, unpick the order in which their incident response team was working from it.
Let’s start at the beginning:
Am I a total Twitter fanboi who thinks they’ve done no wrong? Of course not, but that’s not the point. We all make mistakes, every organisation makes mistakes, and we all run risks. I don’t think yelling at them will help, especially when they seem to be doing a great job of handling the incident.
I’ll leave the final word to QuinnyPig: security is a trade-off. Make things secure enough and nobody will be able to use the damned thing.
*** This is a Security Bloggers Network syndicated blog from Javvad Malik authored by j4vv4d. Read the original post at: http://feedproxy.google.com/~r/J4vv4d/~3/vemmr6H8grc/