Reuters
- Two former Twitter employees were charged by federal prosecutors with spying on users on behalf of the Saudi Arabian government - and experts warn that it could happen again.
- Three cybersecurity experts told Business Insider about broader "insider threats," or the risk of surveillance and data breaches carried out by people employed by tech companies.
- The experts warned that tech companies should implement safeguards by addressing workplace culture, setting up ways to detect unusual behavior by employees, and more robustly protecting user data across the board.
- Visit Business Insider's homepage for more stories.
Federal charges unsealed Wednesday allege that Saudi Arabia carried out a massive online spying operation, snooping on the accounts of more than 6,000 Twitter users - and prosecutors say they did it with the help of two of Twitter's own employees.
Now, cybersecurity experts warn that similar "insider threats" could surface again if tech companies don't make a concerted effort to ward them off.
Twitter responded to the federal charges Wednesday, saying that the company is thankful that federal prosecutors uncovered alleged spying and that it would cooperate with future investigations. A spokesperson added that Twitter "limits access to sensitive account information to a limited group of trained and vetted employees."
To protect against future insider spying, tech companies need to vet employees and implement more rigorous protections of user data across the board, three cybersecurity consultants told Business Insider.
Ryan Kalember, executive vice president of cybersecurity strategy for Proofpoint, said companies like Twitter should focus on detecting abnormal behavior by employees. Kalember estimated that more than 30% of data breaches happen with the help of insiders.
"Stopping insider threats is one of the most challenging problems in security ... Defending data requires the ability to detect insider accounts that are behaving oddly, including patterns of accessing and exfiltrating sensitive information," Kalember said.
"But detection isn't enough," he added. "With the complexity of an enterprise infrastructure like Twitter's, being able to respond quickly to any detected anomalies across cloud, email, and endpoints is at least as critical."
Kiersten Todt, managing director of the Cyber Readiness Institute and former adviser to President Barack Obama, said the alleged spying by Twitter employees is "another example of how the tech platforms have repeatedly failed to protect the personally identifiable information" of users.
"Whether [personally identifiable information] is compromised and exposed through an accidental data breach or insider efforts to harvest data, the point is still the same: tech platforms continue to fall short on their accountability and responsibility for data protection," Todt said.
Kon Leong, president, CEO, and cofounder of ZL Technologies, predicts that similar breaches will only become more likely as the value of user data goes up.
"That draws ever more bees to the honey. Whether for political or economic advantage, expect more break-in attempts to get at the data," Leong said.
Leong suggests that tech companies implement top-down "data control" policies, ensuring that data is managed centrally rather than stored in uncontrolled data silos, which he said can "also simultaneously solve many other pressing problems such as compliance, e-discovery, records-keeping, and analytics."
The alleged spying by Saudi agents is just the latest example of foreign governments targeting users on US-owned platforms. A series of high-profile iPhone hacks earlier this year were reportedly carried out by the Chinese government, while investigations by law enforcement and media have uncovered a series of hacks carried out by Russia in recent years to influence US policy.