This isn’t going to get many “likes.”
Facebook has just disclosed that cyber criminals exploited a security flaw and attacked its system, affecting the accounts of nearly 50 million users and exposing their most private information. The flaw was discovered Tuesday, but the social media giant has kept mum until today.
The Facebook Cyber Attack
Facebook reports that law enforcement has been informed of the attack, and that investigations are underway. However, the company says it is still too early to say exactly how the bug was used and who is behind it. What they do know is that the vulnerability was related to the "view as" tool, which allows people to see their own profiles as they would look to other people. The hackers exploited that, stealing the "access token" that keeps user accounts safe and then breaking into them.
Facebook states that anyone affected is likely to be informed during the investigation, but that there is nothing users can do now except to check that their account does not appear to have been used by somebody else. While regularly changing passwords is a good practice, Facebook says that unfortunately making a change now is “too little too late,” and it will not be able to undo the effects of this attack.
The "view as" feature has been turned off for now, and coding has been reset so that the hackers who broke into accounts will now be denied access. Of course, this is of little consolation to users, which is reflected in the company’s stock: it dropped 3% immediately following the news.
What Can We Learn From the Facebook Breach?
Cyber criminals regularly seek out businesses, government agencies, healthcare organizations, and universities to hijack data for ransom money, or to use the information for their own personal means. The more information they can get, the better. So with nearly 2 billion active monthly users, it’s no surprise Facebook would be a prime target for cyber criminals. This latest attack has many organizations wondering: if a behemoth like Facebook can be hacked, what about my company?
There are a number of ways organizations can protect themselves from attack.
8 Ways to Prevent Cyber Attacks
Educate employees. Attacks can be unleashed upon a company through human error. A simple click on a suspicious link can affect the whole network, resulting in damage and data loss. According to a Help Net Security survey, over 30% of office workers admitted they were not familiar with cyber attacks. So, it’s important to have those conversations.
Employ content scanning and filters. While education is important, people make mistakes. A scanner or filter on your mail servers can check for known threats within inbound emails and block any attachment that could be dangerous.
Install antivirus software. Ensure your AV is current across all endpoints within your organization; viruses are always evolving, so AV is not impenetrable, but it is a solid first line of defense.
Update regularly. Regular updates help maintain the integrity of your systems. Many attacks, as witnessed in the Boeing breach earlier this year, can only reach computers that have not been updated. Those that have been updated with a patch are protected from attacks.
Back up daily. If you back up your important data every day, whether to the cloud or a local storage device, attackers have a lot less leverage; rather than pay them to retrieve your data, you can restore the previously saved data with minimal loss.
Restrict privileges. Not every employee needs all privileges; they only need to be able to perform their work-related tasks.
Create a patch management plan. Ensure your organization is managing patches and upgrades for your software by developing a plan of action. There are also patch management programs that can scan systems to determine if any patches are needed. Patches were largely responsible for stopping the potential damage of the Meltdown and Spectre bugs from early 2018.
Purchase cyber insurance. These policies generally cover your business’s liability for breaches involving customer information such as Social Security, credit card, and driver’s license numbers, in addition to health information.
It’s important to remember that Facebook operates within its own private cloud, often thought to be the most secure way to navigate the cloud. However, many cybersecurity experts are beginning to endorse a virtual private cloud instead. While a giant like Facebook surely has a competent staff of many managing their cloud, this most recent event shows that no one is safe. For smaller and medium-sized organizations relying on in-house security within a private cloud, it can be hard to keep up with all the latest types of malware and security attacks. A Virtual Private Cloud hosted by a reputable provider may be the answer.
Are you looking to protect critical data? At DSM, Florida’s predictable cloud, we can take care of all your data protection needs. Cyber attacks are on the rise; make sure you're not a victim by contacting us today.