October 15, 2014 By Brian Honan 3 min read

The old saying “one person’s problem can be another person’s opportunity” could be adapted for cyber security to “one person’s incident could be another person’s learning opportunity”. This is particularly relevant to the recent hack against various celebrities that exposed their most private photographs, including nude selfies. Many may wonder how a consumer security incident can have any bearing on enterprise security. However, incidents like this should be examined from a number of angles to determine how best to improve your organization’s security.

Firstly, there is the issue of staff using their own personal devices for work, otherwise known as Bring Your Own Device (BYOD). If criminals can access the online services celebrities used to store their photographs, it is a good bet those criminals could also access any other sensitive data stored on those devices or in the cloud. Indeed, a number of people have speculated that by compromising the online accounts of some celebrities and then reading their contact lists, the criminals were able to target other celebrities. So if your staff are storing corporate data on their personal devices, and perhaps inadvertently syncing it to their personal cloud services, how confident can you be that the information is being kept secure?

A common theory as to how the criminals broke into the celebrity accounts is that they did not exploit a weakness in the security of the online services themselves, but rather guessed weak passwords. Looking at this issue from an enterprise point of view, are we able to ensure that our staff are using strong passwords? How confident can you be that users are not reusing the password from a personal online service to access corporate systems? Several recent breaches of online services, such as LinkedIn, showed that many providers do not store passwords securely. If your users reuse passwords across multiple systems, how comfortable are you relying on those third-party providers to protect passwords that may also unlock your own systems?
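To make the reuse problem concrete, the following is an added example (not code from the original post). It simulates a third-party dump stored as unsalted SHA-1, which is how the 2012 LinkedIn breach turned out to have stored passwords, cracks it with one precomputed table, and then replays the recovered passwords against a corporate directory that stores passwords properly with scrypt. The user names, wordlist and passwords are constructed for the illustration.

```python
import hashlib
import hmac
import os

# Constructed attacker wordlist (not a real dump): the handful of guesses a
# credential-stuffing tool would try first.
WORDLIST = ["password", "123456", "qwerty", "letmein", "Summer2014"]

SCRYPT_PARAMS = dict(n=2 ** 14, r=8, p=1)


def sha1_unsalted(password: str) -> str:
    """Weak provider-side storage: bare SHA-1 with no per-user salt."""
    return hashlib.sha1(password.encode()).hexdigest()


def crack_unsalted_dump(dump: dict) -> dict:
    """Recover plaintexts from an unsalted dump with one precomputed table.

    Without a salt, a single table of hash(word) matches every account at
    once, so the cost is O(wordlist) no matter how many users leaked.
    """
    table = {sha1_unsalted(w): w for w in WORDLIST}
    return {user: table[h] for user, h in dump.items() if h in table}


def scrypt_store(password: str) -> bytes:
    """Proper storage: random per-user salt + memory-hard KDF, kept as salt || digest."""
    salt = os.urandom(16)
    return salt + hashlib.scrypt(password.encode(), salt=salt, **SCRYPT_PARAMS)


def scrypt_verify(password: str, stored: bytes) -> bool:
    salt, digest = stored[:16], stored[16:]
    candidate = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT_PARAMS)
    return hmac.compare_digest(candidate, digest)


def credential_stuff(cracked: dict, corp_store: dict) -> list:
    """Replay each cracked (user, password) pair against the corporate store.

    Strong hashing on the corporate side does not help here: nothing is being
    cracked, the attacker simply logs in with a password the user reused.
    """
    return sorted(u for u, pw in cracked.items()
                  if u in corp_store and scrypt_verify(pw, corp_store[u]))


def reject_known_cracked(new_password: str, cracked: dict) -> bool:
    """Password-change check: refuse any password already known to be in circulation."""
    return new_password not in set(cracked.values())


# Constructed breach data: three users of a hypothetical third-party service.
BREACHED_DUMP = {
    "alice": sha1_unsalted("Summer2014"),
    "bob": sha1_unsalted("correct horse battery staple"),
    "carol": sha1_unsalted("letmein"),
}

# Constructed corporate directory: alice reused her password, carol did not,
# bob reused but his passphrase is not in the attacker's wordlist.
CORP_STORE = {
    "alice": scrypt_store("Summer2014"),
    "bob": scrypt_store("correct horse battery staple"),
    "carol": scrypt_store("Tr0ub4dor&3"),
}


def run_scenario() -> dict:
    cracked = crack_unsalted_dump(BREACHED_DUMP)
    return {"cracked": cracked, "stuffed": credential_stuff(cracked, CORP_STORE)}


if __name__ == "__main__":
    print(run_scenario())
```

Only alice is compromised on the corporate side: carol's password was cracked but not reused, and bob reused a password the attacker could not crack. The lesson for the enterprise is that the quality of your own hashing is irrelevant to a reused password; the `reject_known_cracked` check at password-change time is the control that actually addresses it.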

Some of the cloud services involved offered two-factor authentication (2FA) to their users, but the compromised celebrities had not enabled it on their accounts. Are there extra security features on your key systems that you could enable to make them more secure? If so, now may be the time to roll them out.

Another factor in the exposure of the leaked photographs was the lack of monitoring and alerting when unfamiliar devices accessed the compromised accounts. A failure to monitor, and to react to the alerts that monitoring produces, has been at the heart of many security breaches, including the celebrity hack and the Target breach. Use these breaches as motivation to review how effective your own security monitoring is.
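As an added example (not code from the original post), here is the kind of detection logic that would have caught the pattern described above, run over a constructed login log. The log format, the field names and the thresholds are assumptions made for the illustration; the three rules are repeated password failures within a short window, a successful login from a device never seen for that user, and a bulk download from a device that has only just appeared.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed authentication log (not real data). The September entries before
# the baseline cut-off are normal use and establish each user's known devices;
# the September 20 entries are the pattern described in the post: repeated
# password guesses, a successful login from an unknown device, then a bulk download.
EVENTS = [
    "2014-09-01T08:00:00 login ok user=alice device=iphone-a1 country=US",
    "2014-09-01T08:05:00 login ok user=bob device=mac-b7 country=US",
    "2014-09-03T19:12:00 login ok user=alice device=ipad-a2 country=US",
    "2014-09-20T02:00:00 login fail user=alice device=linux-x9 country=RU",
    "2014-09-20T02:00:10 login fail user=alice device=linux-x9 country=RU",
    "2014-09-20T02:00:20 login fail user=alice device=linux-x9 country=RU",
    "2014-09-20T02:00:30 login fail user=alice device=linux-x9 country=RU",
    "2014-09-20T02:00:40 login fail user=alice device=linux-x9 country=RU",
    "2014-09-20T02:01:30 login ok user=alice device=linux-x9 country=RU",
    "2014-09-20T02:02:00 download user=alice device=linux-x9 items=312",
    "2014-09-20T09:00:00 login ok user=bob device=mac-b7 country=US",
    "2014-09-20T09:10:00 download user=bob device=mac-b7 items=3",
]

BASELINE_UNTIL = datetime(2014, 9, 10)   # devices first seen before this are trusted
FAIL_THRESHOLD = 5                        # failures per user ...
FAIL_WINDOW = timedelta(minutes=10)       # ... within this window => guessing
NEW_DEVICE_AGE = timedelta(hours=24)      # a device younger than this is "new"
BULK_ITEMS = 100                          # downloads of this size or more are bulk


def parse(line: str) -> dict:
    """Split 'timestamp action [result] k=v k=v ...' into a dict."""
    ts, action, *rest = line.split()
    rec = {"ts": datetime.fromisoformat(ts), "action": action, "result": None}
    for tok in rest:
        if "=" in tok:
            key, value = tok.split("=", 1)
            rec[key] = value
        else:
            rec["result"] = tok
    return rec


def detect(lines=EVENTS, baseline_until=BASELINE_UNTIL) -> list:
    first_seen = {}              # (user, device) -> first successful login
    fails = defaultdict(deque)   # user -> timestamps of recent failed logins
    alerts = []
    for rec in map(parse, lines):
        user, device, ts = rec["user"], rec["device"], rec["ts"]
        if rec["action"] == "login" and rec["result"] == "fail":
            window = fails[user]
            window.append(ts)
            while ts - window[0] > FAIL_WINDOW:
                window.popleft()
            if len(window) == FAIL_THRESHOLD:   # fire once, on the Nth failure
                alerts.append({"user": user, "rule": "password_guessing",
                               "device": device, "ts": ts})
        elif rec["action"] == "login":
            key = (user, device)
            if key not in first_seen:
                first_seen[key] = ts
                if ts >= baseline_until:        # unknown device after the baseline
                    alerts.append({"user": user, "rule": "new_device",
                                   "device": device, "ts": ts,
                                   "country": rec.get("country")})
        elif rec["action"] == "download" and int(rec["items"]) >= BULK_ITEMS:
            seen = first_seen.get((user, device))
            if seen is None or ts - seen < NEW_DEVICE_AGE:
                alerts.append({"user": user, "rule": "bulk_download_new_device",
                               "device": device, "ts": ts, "items": int(rec["items"])})
    return alerts


if __name__ == "__main__":
    for alert in detect():
        print(alert)
```

Each rule on its own produces noise in a real environment (travellers buy new phones, users mistype passwords), which is why the third rule correlates device age with the sensitive action: a bulk export minutes after a first-ever login from a device is the event an analyst should be paged for. Bob's activity, from a device in his baseline, raises nothing.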

The hack of the celebrity accounts is also a great opportunity to get information security on the agenda with senior management and with staff. The mainstream media stories covering the breach will ensure that people are aware of the issue and this is an opportunity to leverage that awareness and highlight some key projects needed to improve the security of your systems.

As October is also National Cyber Security Awareness Month, this is an excellent opportunity to raise awareness among staff of how to choose and use strong passwords and how to use mobile devices securely.

Good practice following a security incident is to ensure that lessons are learned from it. There is no rule saying the incident has to be one that directly affected your own systems. It is worth reviewing high-profile incidents, such as the celebrity photo hack, to see how you can better protect your organization.
