The Culture of Cybersecurity

What Facebook keeps getting wrong

Yet another 419 million Facebook accounts have been breached. Add this to the 100s of millions already compromised in the Cambridge Analytica, UpGuard, and 'View As' scandals, and the question becomes: can Facebook ever be secure?            

After all, it feels like just yesterday when Zuckerberg marched onstage at Facebook's F8 conference and proclaimed that "the future is private."

"Now look," Zuckerberg continued. "I get that a lot of people aren't sure we're serious about this. We don't exactly have the strongest reputation on privacy right now, to put it lightly. But I'm committed to doing this well and starting a new chapter for our product."

As it becomes increasingly obvious how critical digital privacy is for any company's long-term health, it's hard to believe that the largest social network in history could fail to see how important the safety and trust of its users are to its own future success. Well, then, what keeps going wrong?

In a post back in March, Zuckerberg writes that "[m]y focus for the last couple of years has been understanding and addressing the biggest challenges facing Facebook. This means taking positions on important issues concerning the future of the internet."

Jump forward 6 months. For Facebook, user privacy simply doesn't currently rank amongst "the biggest challenges facing Facebook." No, those spots are reserved for slowing revenue growth and reputational damage. Notice that the users are never mentioned in the lines above.

And it is precisely for this reason that it is so difficult for Facebook to properly protect itself.

Information security cannot be contained in a set of regulations or handed off to a security team. To be effective, it must lead to a complete transformation in organizational priorities and culture.

The truth is that Facebook doesn't want user data to leak any more than the users do. In 2018, they announced plans to double their security staff to an astounding 20,000. To put that in perspective, it's nearly 3 times the size of McAfee's entire workforce.

But as long as corporate priorities incentivize 'connectivity' at the expense of privacy, there's only so much an army of security experts can do. To reiterate: any effective cybersecurity strategy must start at the top and it must make its way all the way down to the bottom.

Corner office marketing execs and lobby receptionists are just as responsible for protecting company data as are the cubicle-dwelling IT technicians. They each have a job to perform, each in their own way. Cyber security is everyone's responsibility.

This is why Silent Breach focuses on helping our clients undergo a holistic security transformation, rather than simply providing silver bullet solutions. For example, our upcoming Continuous Monitoring solution, Quantum Armor, provides clients with near real-time insight into their security posture, all with 360 degrees of transparency.

Every single company handles sensitive data. You can either embrace your responsibility to protecting it or you can stand by and watch it leak. Again. And again. The choice is in your hands.

About Silent Breach: Silent Breach is an award-winning provider of cyber security services. Our global team provides cutting-edge insights and expertise across the Data Center, Enterprise, SME, Retail, Government, Finance, Education, Automotive, Hospitality, Healthcare and IoT industries.