Twitter’s whistleblower allegations are a cautionary tale for all businesses
Today, the mere threat of a breach can crush your business. The Twitter whistleblower saga shows that, after years of indifference, customers are sensitive to even rumors of data leaks. A few years ago, PR teams could paper over a small breach, and customers would accept it. A decade ago, massive data breaches made headlines, but customers stayed with the vendor because they believed that lightning couldn’t strike twice.
Times have changed, though, so how can you protect yourself … and even turn privacy and security into an advantage? The companies that win will embrace small steps, transparency, and the right partners.
Ex-Twitter Exec Blows the Whistle
The Twitter whistleblower story will change how the news industry reports on security and privacy moving forward. Just as ransomware went mainstream with the Colonial Pipeline hack, security and privacy stories are going to become mainstream news. Even if your company isn’t as high profile as Twitter, the floodgates have opened.
Furthermore, the Twitter story demonstrates that you don’t need to be breached to make the news. Former Twitter security executive Peiter Zatko (aka Mudge) made headlines with his concerns about Twitter’s security and privacy policies and execution. While there have been well-known Twitter hacks, Zatko’s most powerful criticisms are about Twitter’s state of security. In his almost 200-page report to federal regulatory agencies and the Department of Justice, the most serious allegations are that Twitter provided regular employees access to central controls and sensitive information without adequate oversight.
It Doesn’t Matter If the Accusations Are True
If a reporter asked, “Who has access to your data,” could you answer? Would you want to answer? You will be convicted in the court of public opinion before you can defend your security posture. I have no inside information on the Twitter case, but it doesn’t matter whether it’s found to have egregious breaches of standard security protocols. There will be a large contingent that already assumes this information is true.
After so many high-profile breaches (Target, Adobe, Yahoo, and more), companies are considered guilty until proven innocent. Unfortunately, it’s almost impossible to prove innocence since you cannot prove the absence of a breach. Furthermore, even if you could, by the time you proved that you hadn’t been breached, the news machine would already have moved on. You cannot react quickly enough to counteract the rumors.
Why Are Customers So Sensitive to Privacy?
Everybody knows that companies are gathering vast amounts of personal data. Clicking on the GDPR-inspired “Track my information” buttons may be a reflex, but we understand that we’re always being tracked. Customers accept that their vendors will hold their personal data, but they expect the company to protect their information.
Unfortunately, cybercriminals are targeting personal customer information. Identity theft, spam, phishing, ransomware, and other attacks aren’t just theoretical. Everybody knows somebody who’s been affected.
To read the complete article, visit Dark Reading.