Apple And Meta Shared Data With Hackers – Experts Reactioins

It’s reported that Apple and Meta handed over user data to hackers who faked emergency data request orders typically sent by law enforcement, according to Bloomberg. Fake emergency data requests are becoming increasingly common, as explained in a recent report from Krebs on Security.  

Subscribe
Notify of
guest
2 Expert Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Erfan Shadabi
Erfan Shadabi , Cybersecurity Expert
InfoSec Expert
April 1, 2022 10:35 am

When we hear of big organizations such as Apple & Meta succumbing to fake emergency requests, leading to a data breach of highly sensitive information, we have to wonder how the message about rigorous data security gets missed or overlooked by those who gather, process, and store our data. But any organization, big or small, and no matter the industry they operate in, can become the next victim of a cyber attack. The harsh truth is this: threat actors will find a way to your organization’s data given enough time and incentive, no matter how fortified your digital environment is.

Last-generation data security methods such as protecting borders and perimeters around sensitive data no longer guarantee complete safety. Every business and governmental organization needs to be in the process of actively updating their data security posture to include data-centric strategies, which protect the data itself as opposed to perimeters around it. Protection methods such as tokenization and format-preserving encryption allow organizations to work with highly mobile data without de-protecting it. So, even if that data falls into the wrong hands, threat actors cannot compromise the sensitive information within. That’s an investment well worth exploring.

Last edited 8 months ago by Erfan Shadabi
Brian Higgins
Brian Higgins , Security Specialist
InfoSec Expert
April 1, 2022 10:33 am

Emergency data requests from law enforcement are often vital in live ‘crime in action’ and vulnerable missing person cases among others. They come from dedicated units and registered investigators and by their very nature can frequently relate to vulnerable individuals, companies or groups. To describe the success of this methodology as a ‘slip-up’ is fairly accurate as the implementation of some very basic cyber hygiene (in this case a mandatory verification call-back for all emergency requests) on the part of Apple, Meta, or any law enforcement liaison team for that matter, would see attackers looking for other less simple ways to commit their crimes and offer an added layer of much needed protection.

Last edited 8 months ago by Brian Higgins
2
0
Would love your thoughts, please comment.x
()
x