This weekend had some interesting security implications for a significant portion of you out there. Mat Honan had his digital life pwned. Erased. Disrupted. Even if only for a few days, I am certain it was incredibly stressful. The kicker here is that it wasn’t some sophisticated hacking scheme that got it done, it was simple social engineering and some crafty computing. Go read about Mat’s story and imagine what it would be like if it happened to you (regardless of your device). Lifehacker also answered a question about this, so check it out if you want to take steps to protect yourself against attacks like this.
Oops, by Victoria-Ann
What I want to talk about today is how that incident forced Apple and Amazon’s hand to make a change in how their business operated. ISO standards like 27000 and 31000 give us guidance on how to design a working security management framework. This starts with Business Governance, feeding into Security Risk Management, then Ops Management, and ultimately Incident management, with lessons learned then passed back up to Business Governance to incorporate and change policies and procedures (among other things). In this case, both Apple and Amazon had to manage this very public incident that arguably didn’t affect their business—it just affected a customer they have in common.
But the important thing is that both businesses altered their governance position to address this issue. Unfortunately, it took someone with a huge following and platform to cause the change to occur which probably means others have suffered from this same attack with no real adjustment to protect them. How would your organization handle something like this? Has your security function evolved far enough to change the business in this way?
Possibly Related Posts:
- Ten Things Companies Get Wrong About CIAM
- Protect Yourself and Freeze Your Credit
- Preventing Account Takeover, Enable MFA!
- Proofpoint Patches URL Sandbox Bypass Bug
- Pushing Vendors to Abandon SMS