The old saying “one person’s problem can be another person’s opportunity” could be adapted in cyber security to “one person’s incident could be another person’s learning opportunity”. This is particularly relevant to the recent hack against various celebrities exposing their most private photographs, including nude selfies. Many may wonder how a consumer-related security incident can impact enterprise security. However, incidents like this should be looked at from a number of angles to determine how best to strengthen your organization’s security.

Firstly, there is the issue of staff using their own personal devices for work, otherwise known as Bring Your Own Device (BYOD). If criminals can access the online services used by celebrities to store their photographs, then it is a good bet those criminals could also access other sensitive data stored on those devices or in the cloud. Indeed, a number of people have speculated that by compromising the online services of some celebrities and then accessing their contact lists, the criminals were able to target other celebrities. So if your staff are storing data on their personal devices, and perhaps inadvertently on their personal cloud services, how confident can you be that the information is kept secure?

A common theory as to how the criminals hacked into the celebrity accounts is that it was not through a weakness in the security of the online services they were using, but rather through insecure passwords. Looking at this issue again from an enterprise point of view, are we able to ensure that our staff are using secure passwords? How confident can you be that users are not reusing the same password for their own personal online services to access corporate systems? Many of the recent hacks of online services, such as LinkedIn, highlighted that many providers are not storing passwords securely. If your users are reusing their passwords across multiple systems, then how comfortable are you in relying on those service providers to securely store passwords, some of which may be used to access your systems?

Despite some of the compromised cloud services providing two-factor authentication (2FA) for their users, the celebrity hack resulted from those celebrities not enabling the 2FA feature on their accounts. Are there extra security features on your key systems that you could enable to make them more secure? If not, then now may be the time to introduce and implement them.

Another factor in the exposure of the leaked photographs was a lack of monitoring and alerting on unusual devices accessing the accounts of the compromised celebrities. A lack of monitoring and of reacting to alerts has been at the heart of many security breaches, such as the celebrity hack and other breaches such as Target. Use these breaches as prime motivation to review how effective your own security monitoring is.

The hack of the celebrity accounts is also a great opportunity to get information security on the agenda with senior management and with staff. The mainstream media stories covering the breach will ensure that people are aware of the issue and this is an opportunity to leverage that awareness and highlight some key projects needed to improve the security of your systems.

As October is National Cyber Security Awareness Month, this is also an excellent opportunity to raise awareness among staff on how to select and use secure passwords and how to use mobile devices in a secure way.

Good practice regarding security incidents is to ensure lessons have been learned from the breach. There is no rule saying the security incident has to be one directly affecting your systems. It is worth reviewing high profile incidents, such as the celebrity nudie hack, to see how you can better protect.
