The Syrian Electronic Army hacked the Associated Press Twitter account and posted a fake tweet about an explosion in the White House and President Obama being injured. The tweet had widespread repercussions, with the Dow Jones Industrial Average declining sharply. The nosedive lasted two minutes, until the White House and the Associated Press confirmed the news was false. However, the fake tweet erased $136 billion in equity market value.
Security policies and procedures offer clear direction in case of a security breach. Strong policies standardize processes and rules to help organizations stay secure against threats to data confidentiality, integrity, and availability. Without robust policies and procedures, organizations’ information assets and intellectual property can be compromised or stolen (Dunham, 2020). The organization’s reputation may also be damaged, and the public may lose confidence in the organization, which can ruin its performance.
Web application policies aim to minimize the risk of hacking and other threats. There is a need to implement two-factor authentication, requiring both a password and a texted passcode to access the account. This makes the account more difficult to hack. It is also important to develop a policy that requires web applications to be programmed in a way that does not allow code to be injected and executed. This ensures an attacker cannot manipulate data or read and write files. It is also useful to champion user education by training users on how best to detect phishing e-mails.
Moreover, it is essential to develop a policy that sanitizes user input to ensure the data received does not harm the database. This can be done by accepting user input only in an acceptable format. Lastly, there is a need to create long, strong, and frequently varied passwords to minimize the chances of being hacked.
Organizations should have a policy that hardens systems and easily detects spam to avoid data breaches. They should have a data processing policy to track how data flows through the organization, how it gets processed, and how it is used. An organization should have data breach notification in place so that staff know what to do in a data breach. There should be a data protection officer for employees to call in case of concerns about data protection. Additionally, extra protection and restrictions on collecting sensitive data will be helpful.
An IT security manager can increase organizational awareness of information security policies and procedures in various ways. First and foremost, the IT manager can support cyber security staff by offering a sufficient budget and listening to their requests. They can conduct annual staff awareness training on detecting phishing and ransomware threats. The IT manager can prioritize risk assessment to ensure the organization’s controls are appropriate to the risks it faces (Irwin, 2021). Without a risk assessment, the organization is more likely to ignore threats that could have devastating effects.
In conclusion, the Syrian Electronic Army hacked the Associated Press Twitter account and, within two minutes, caused devastating effects on financial markets. A lack of strong policies and procedures for securing applications and data means organizations’ information assets and intellectual property can be compromised or stolen. The web application policies that need to be developed include implementing two-factor authentication, programming web applications so that code cannot be injected or executed, and championing user education. They also include sanitizing user input and creating long, strong, and frequently varied passwords. The data protection policies that need to be developed are policies that harden systems to detect spam easily and track how data flows and how it gets used and processed. Similarly, they include having data breach notification, having a data protection officer, and being extra protective and restrictive on collecting sensitive data. An IT manager can increase organizational awareness of policies and procedures by supporting the cyber security staff, conducting annual awareness training, and prioritizing risk assessment.
References
Dunham, Ray (2020). Information security policies: why they are important to your organization. Retrieved from: https://linfordco.com/blog/information-security-policies/
Irwin, Luke (2021). 5 ways to improve your information security. Retrieved from: https://www.itgovernance.co.uk/blog/5-ways-to-improve-your-information-security