Facebook Hack Makes Vulnerability Scanning More Important Than Ever
Facebook's recent data breach shows the importance of having an automated and thorough security vulnerability scanning strategy.
Facebook Data Breach Impacts Billions of Users
A recent data breach compromised the data and personal information of more than half a billion Facebook users. If your name or your company Facebook page was included, then information such as phone numbers, Facebook IDs, names, dates of birth, and more has potentially been exposed.
Those luckless half-billion individuals had this personal data posted on the dark web. Many of them could experience hacking of their Facebook accounts. In some cases, it could open an attack vector into organizations due to Facebook links into other applications and websites, as well as sloppy habits such as using the same password and user ID on multiple sites.
From a personal standpoint, changing your Facebook password is a wise move. But on a broader scale, the breach emphasizes the need for comprehensive vulnerability scanning in the enterprise. This hack may well open side doors into systems that IT may not be aware of.
Any company with American or British employees should pay particular attention. More than 30 million U.S. accounts were exposed as well as more than 10 million in the UK, and hundreds of millions more all over the world. Anyone using offshore software development resources, therefore, should also be vigilant. If any of those users have compromised Facebook accounts, they could give hackers a channel to burrow into enterprise systems or, worse, insert hidden code into applications under development.
Be Warned and Scan
Be warned that these lists of Facebook data are actively being sold on the dark web. Further, the exposed data is invaluable to criminals as they engineer strategies for ransomware and CEO fraud attacks. If a top exec or someone in the finance department has a hacked Facebook account, hackers have a goldmine of data from which to compose sophisticated phishing emails and other scams.
Case in point: If cybercriminals find out from Facebook that someone is overseas, email or Messenger traffic can be used to solicit emergency funds. Alternatively, if an exec is overseas on a business deal or has travelled to another country to secure a merger, data from Facebook could be used to convince the finance department to wire major sums into fake bank accounts. Such things can and do happen.
Why You Should Scan for Vulnerabilities
In uncertain security times such as these, vulnerability scanning becomes all the more important. Regular scanning inspects the points of potential exploit to detect security holes, classify system weaknesses, and offer suggested countermeasures.
Such scans are generally done against a database of information about known security holes in services and ports, as well as anomalies in packet construction, missing patches, and paths that may exist to exploitable programs or scripts. Strange traffic patterns and unusual spikes in activity at atypical times would also be detected.
Vulnerability scanning can either be performed by the IT department or via a managed service. However it is done, it must be automated and thorough.
How Syxsense Can Help
Syxsense Secure is a comprehensive vulnerability scanner that includes IT management and patch management in one console. Syxsense Active Secure is the managed service version. These tools not only show you what’s wrong, but also deploy the solution.
Gain visibility into OS and third-party vulnerabilities like defects, errors, or misconfigurations of components, while increasing cyber resilience with automated patching and security scans.