Poor cybersecurity governance and low investment in cyber capabilities resulted in the 2021 Twitter breach
- Benoit Lescot
- 6 days ago
- 1 min read

Twitter was one of the world's largest social networks, with over 500 million users. It became a pervasive tool in election campaigns, allowing candidates, parties, journalists, and the public to interact and research political reactions.
Twitter in figures
Revenue for 2021: $3.72 billion
Net loss for 2021: $221 million
Revenue streams: Advertising (95%) & Data licensing and other services (5%)
Competitors: Facebook (including Instagram), Snapchat, & LinkedIn.

MITRE ATT&CK Analysis

Timeline of the events

GDPR Violation
• Notification requirement: Article 33(1) of the GDPR requires a data controller to notify the supervisory authority of a personal data breach within 72 hours of becoming aware of it. Twitter was fined for missing that deadline.
• Consequences of delay: because Twitter notified late, neither the authorities nor the affected individuals were informed in time to mitigate the damage.

New Response Plan
Activate the incident response plan
- Identify and patch the vulnerability.
- Isolate and secure compromised systems or databases.
- Restore systems from clean backups, prioritising business-critical systems according to the business impact analysis (BIA).
Notify users and relevant regulatory authorities, and communicate
- Inform users which information was compromised and the potential risks.
- Provide clear instructions to users.
- Establish a dedicated communication channel.
- Notify authorities within the timelines the applicable regulations require (72 hours after becoming aware of the breach under GDPR Article 33(1)).
- Cooperate with authorities in their investigations.
Manage crisis and public relations
- Execute a comprehensive crisis communication plan.
- Engage with media outlets to provide accurate information.
Lessons learned
- Post-incident review: identify root causes and areas for improvement.
- Implement changes and updates to policies, procedures, and technologies.
- Foster a culture of security awareness.
- Conduct a security audit.