Twitter, one of the longest-established social platforms, has been a touchstone of online engagement for millions of people and organisations for over a decade, but it suddenly faces a very different future – and some of the biggest changes are in the cyber security field.
Musk has long cultivated a reputation for impulsive statements and spur-of-the-moment decisions that have often landed him in hot water – fans would say he typifies fellow social media baron Mark Zuckerberg’s old motto “move fast and break things” – and, to date, he has brought this attitude to bear on Twitter, dismissing employees left, right and centre, and making sweeping changes before just as abruptly rolling them back.
Among some of the more high-profile incidents to befall Twitter in the past fortnight have been the sudden departures of its chief information security officer (CISO), chief privacy officer and data protection officer, and compliance officer; changes to its blue tick verification system that have resulted in a wave of impersonation of high-profile accounts; and, earlier this week, changes to the microservices used at Twitter – supposedly at Musk’s personal behest – that seem to have caused glitches in the platform’s SMS multifactor authentication processes.
At the time of writing, there has been no major cyber incident or data breach affecting users of the platform. However, there is a growing perception that Musk’s abrupt termination of thousands of Twitter employees is causing the platform to fray at the edges as various small technical issues start to mount up.
An ICO spokesperson tells Computer Weekly: “Compliance with UK data protection law should be a high priority for all companies, no matter their size or stature. We will continue to monitor the situation with Twitter as it evolves, and encourage anyone with concerns to report them to us.”
So, in light of the ongoing issues at Twitter, it feels like the right time to consider whether or not the platform remains a safe place for business users, and what organisations can do to protect themselves should the scale of the potential risk increase. In short, should you be clamping down on Twitter?
“Much has been said about the psychological safety of using Twitter, both before the current collapse of the moderation and ethics controls as well as after,” says Rachael Greaves, CEO and founder of Castlepoint Systems, an Australia-based provider of information governance and risk management services.
“The culture of the company has always leaned precariously over the chasm of risk while straining to reach the high fruits of market saturation and monetisation, with a culture that has seemed to become more tolerant of potential and actual harm to its users over time.”
Certainly, the trust that users hold in Twitter has been badly damaged, and while it may not yet be irreparable, trust once broken can take years to fix and will be less resilient in future.
“I think trust seems to be diminishing quite rapidly,” says Jake Moore, global cyber security advisor at ESET. “Trust has been so heavily featured at Twitter’s core over the last decade.
“People use it to corroborate information, to get news out rapidly, and it has built up a level of trust that many people have confidence in. It seems like a huge change that this trust – which you don’t build overnight – has diminished so rapidly.”
Moore highlights the issues with blue tick verification – turning it from a signal that a user is a trusted voice in their field to an $8 subscription service for anybody who cares to spend the money – as a key factor in the erosion of user trust, and says it has put both brand integrity and reputation at risk.
“That blue tick is very difficult to get. I know of journalists who are extremely high-profile who, until two weeks ago, were still struggling to get it. That in itself gave a certain kudos that Twitter only gave the extra form of verification to those who could verify to the highest degree.
“You can’t offer a blue tick like that to everyone,” he says. “It waters down what verification means. And this grey ‘official’ button? So what was the point? You could even start to question if you can trust accounts you know are official, because we don’t know what their security is like, or what their policies are.”
Defense.com’s Oliver Pinson-Roxburgh agrees the blue tick debacle has been a game-changer in terms of trustworthiness, and is opening the door to other sources of cyber risk to users.
“Rather than being traditionally ‘hacked’ via the platform, the biggest issue comes from adversarial information-based attacks, especially impersonation. When all users gained the ability to acquire a blue tick, a core idea at the heart of Twitter changed…It’s open season for personal and professional spoofing and impersonation attacks. Indeed, one notable change will be that the jump in fake accounts will also increase the likelihood, and bring greater believability to, other informational attacks such as phishing.
“Firms are playing catch-up with this new reality on Twitter. Only recently, someone registered a similar username to pharmaceutical giant Eli Lilly, paid $8 for a blue tick and quickly wiped billions off their share price with a single tweet. There was very little Eli Lilly could’ve done to defend against this attack,” he says.
A legal perspective
Speaking to Computer Weekly on condition of anonymity, one legal expert with a specialism in technology and data protection says they agree with the general sentiment that chaos reigns in the Musk era, but points out that, in reality, we know very little about what is actually going on.
Even so, there are increasing legal concerns about Twitter’s data protection compliance and whether it meets the standards of the European Union (EU) and UK General Data Protection Regulation (GDPR).
“Organisations ought to be concerned about Twitter’s data protection compliance, and whether it still takes it seriously in a world where Elon Musk is in charge, but that’s a view based on mood music; we’ve seen no evidence of breaches that have arisen,” the legal expert says.
Nor, they add, is there any evidence that processes within Twitter are slipping in terms of their compliance, simply because too little time has passed since the service was acquired.
“All the indicators are there that bad things are coming, but what they are is anybody’s guess,” they say. “An indicative factor is the sudden departure of data governance and compliance officers. That is a concern. Questions should be posed as to why they left.”
“I wouldn’t be surprised if Twitter found itself an increasing target for nefarious hackers and the equivalent, or people with anti-Musk or anti-US agendas, [or] even disgruntled internal people with a grudge, all of which potentially creates risk exposure for businesses.”
“The issue is if the DPC says we can’t be your One-Stop Shop, Twitter would suddenly be exposed to 27 Member States’ enforcement – and potentially separate enforcement from the ICO – so essentially 28 investigations, which from a legal perspective is an absolute nightmare. It is in Twitter’s interests to keep the DPC happy,” they say.
So, should you quit Twitter?
This is the question many business and security leaders will be puzzling over. Do you pull your organisation’s Twitter presence and risk missing out on the benefits of an active social media presence? Or perhaps a more guarded approach to Twitter usage is in order?
There are many who say this is not necessarily the time to curtail organisational Twitter usage, and nor is it the time to decamp to a platform like Mastodon which, while worthy in its aims, is broadly untested in terms of corporate usage.
“I don’t think it’s time to pack it all in, no. Things change rapidly all the time, and I don’t want to see companies shoot themselves in the foot if Musk has other ideas to sell the platform on, or has something else in mind,” says Moore. “Companies and users alike should err on the side of caution where they can.”
“Don’t rush into anything,” says Elena Davidson, CEO of Liberty Communications, a London-based public relations agency. “Our advice remains to stay firm and not make drastic changes; learn more about the implications of the changes, and don’t change your plans until you are confident in the changes to the platform…Don’t abandon the platform altogether. Take time to develop your strategy based on the facts.”
In the short term, she suggests, it would be wise not to subscribe to Twitter Blue, the paid-for blue tick service, until more is known about what this process entails.
Going forward, says Davidson, it should be impressed on social media teams that there are still plenty of strategies they can deploy to ensure and even heighten trust in their organisations.
“Remember to contribute relevant content backed by third parties which reinforces your brand and credibility,” says Davidson. “Use multimedia such as video and photos to boost engagement and credibility; refer back to other Twitter handles used by your company, executives, partners and customers. This will help build your credibility further. Don’t forget to also cross link back to handles run on other social platforms such as LinkedIn.”
Finally, she adds: “Make sure you tag trusted and bona fide third parties in your tweets and posts – this will help further boost your credibility.”
Kaspersky’s David Emm adds: “It is important for businesses to have a clearly defined strategy for corporate use of all social networks, particularly Twitter. This should include who in the business is allowed to have access and use of the corporate account, guidelines in how to use it, including how to respond (or not) to trolls, with an understanding of an escalation strategy to tech teams or legal should it be needed. And finally, the business should review its account security regularly to ensure that the benefits of using the platform aren’t outweighed by the negatives.”
David Higgins, senior director of CyberArk’s Field Technology Office, adds that for some organisations, an even greater degree of caution is warranted: “Those running government social media accounts have reason to exercise caution, given authentication for these is less straightforward. Usually, teams of people within an agency have access to and can post information to these accounts, with passwords commonly shared internally among different team members and changed infrequently. And that makes them a very easy target for attackers or malicious insiders for disinformation – especially given there is no record kept of who posted what, and when.
“Security measures for these accounts need to be strengthened, but in a way that doesn’t compromise the speed of critical communications. Options could include eliminating shared credentials, adopting passwordless authentication to access login details, and auditing activity on accounts to monitor for anomalies. Automating credential changes is a must too, so ghost employees can’t abuse old credentials to conduct nefarious activities.”
The legal expert agrees that vigilance is of the essence: “I certainly think caution is merited, along with watching what competitors in the same space are doing and watching what Twitter itself, and the regulators, do.
“The obvious red flags, from the position of a lawyer advising clients in the data protection world, are historic breaches or reports of breaches, typically hacks, potentially leaks [and] potentially the development of products that fly close to the wind in terms of audience segmentation, listing, etcetera.”
For example, they say, if a client came to them and said their marketing team wanted to take advantage of a new product or service that Twitter had developed in the past few days that would let it get the right message in front of the right audience, their first question would be “what have you done to ensure it is compliant?”. If a hypothetical future service was investigated and found to be non-compliant with data protection law, that client would be on the hook for its use of it, and might have to answer to the responsible regulator.
But Castlepoint’s Greaves takes a more hardline view: “With the desertion, or expulsion, of key security teams in the last fortnight, the real concern is that the counterweights balancing risk against value will no longer be heavy enough to protect the user base. These teams were actively working to quash scammers, squash bugs and monitor the threat environment. Even if the security controls all stay up, the bad actors have smelled the blood in the water and are all swarming.
“Eventually, one will get their teeth in. As controls decay, even unsophisticated bad guys may find chinks in the armour. There is a risk here to individuals, who may have sensitive information in private messages compromised. And it’s risky for corporations, whose communications on the platform may be deemed ‘records of business’. Citigroup, Morgan Stanley, Barclays, Bank of America, and JP Morgan have all been fined for allowing staff to use messaging apps – and that’s just from a records compliance angle. What will happen when those communications are breached?
“For now, corporations should follow the SEC and CFTC’s advice, and stop doing business on Twitter. Not just to avoid a fine, but to avoid the reputational damage of a major data spill,” she concludes.
We’d expected the Cyber Monday deal to have gone by now, but it’s still going strong today. It isn’t clear how long it’ll be available for, though, so if you need a dash cam that just does the basics and shoots good-quality 1080p video, we’d suggest picking it up sooner rather than later.
In our review of Garmin’s tiny dash cam, which is about the size of a key fob, we praised its “focus on simplicity”, along with its “high-quality HD footage and useful set of voice control commands”.
While the Garmin Dash Cam Mini 2 lacks premium features like 4K video recording or a rear screen, we think it nails the basics and offers great value, particularly in this post-Cyber Monday deal.
Because it’s tiny and weighs only 35g, it can hide away discreetly behind your rear-view mirror, which makes it particularly suitable for small cars. In our tests, we were also impressed with the quality of its 1080p video and 140-degree field of view, plus the handy voice controls.
And while the Dash Cam Mini 2 does also lack GPS, we found the Garmin Drive app – which is an important part of the dash cam experience – to be very polished and user-friendly. We had no issues with connecting it to the dash cam, which is where some models can slip up, and it’s free for iOS and Android phones.
Looking for a more traditional camera to help shoot photos and video outside your car? Check out our broader round-up of the best Cyber Monday camera deals that are still going.
Mark is the Cameras Editor at TechRadar. Having worked in tech journalism for a ludicrous 17 years, Mark is now attempting to break the world record for the number of camera bags hoarded by one person. He was previously Cameras Editor at Trusted Reviews, Acting editor on Stuff.tv, as well as Features editor and Reviews editor on Stuff magazine. As a freelancer, he’s contributed to titles including The Sunday Times, FourFourTwo and Arena. And in a former life, he also won The Daily Telegraph’s Young Sportswriter of the Year. But that was before he discovered the strange joys of getting up at 4am for a photo shoot in London’s Square Mile.
Apple has announced the winners of the App Store Awards 2022, with BeReal – the new social platform that has you snapping and sharing a pair of photos (one from your phone’s front and one from the back camera) each day – taking the App of the Year award this year.
The App Store Awards is a yearly event where Apple recognizes developers and the apps they’ve created that have made the biggest impact on its users and the company. Whether that’s in social media, games or sport, they take advantage of the hardware and software that Apple’s recently brought out.
There were a bunch of games that were highlighted this year, such as Wylde Flowers and Inua winning the Apple Arcade game of the year and Cultural Impact award respectively, while GoodNotes 5, developed by Time Base Technology Limited, took the iPad App of the Year award.
It’s interesting to spot that there are 16 winners here, rather than the 15 of previous years – that’s because there’s a new ‘China Game of the Year’ added to the roster, which only shows the breadth of how one country is making an impact on the App Store.
With this in mind, TechRadar reached out to the developers of Wylde Flowers, Gentler Streak and Inua about plans for their apps in the near future, after winning these awards from Apple.
Apple’s App Store shows no sign of slowing down
Available on Apple Arcade, Wylde Flowers is a game reminiscent of Animal Crossing and Stardew Valley, where you control the protagonist – Tara, building and running a farm during the day while also moonlighting as a witch during the night.
Developed by Studio Drydock, the developers told us that they were proud to receive the Apple Arcade game of the year, but that there’s also an upcoming update called ‘Endless Seasons and Romance’ – due for a December release – which will feature different weather effects and new content that players will be able to enjoy.
We asked the team if they would also include the ability to finally customize Tara, and while they said that they were aware of this request from many players, it wasn’t something that they were considering for the time being.
Inua is a time-traveling adventure game that makes for an immersive time on iPhone and iPad, and while developers Arte Experience told us that a version of the game appearing on Apple TV would make for a good next step when we suggested it, they didn’t confirm whether this expansion would be in the game’s future.
Alongside this, Gentler Streak achieves the unique task of encouraging you to work out in a calm and concise way, with useful information inside a well-designed app. The team also confirmed that Live Activities – a feature from iOS 16.1 that allows widgets to show live updates on the Lock Screen – is coming to a future update of the app, alongside adding photos to workouts and more complications to the watchOS app.
Overall, it’s encouraging to see so many varied apps earning awards this year, although it would be nice to see another award that highlights accessibility; either as a separate award or included as a mention as part of other awards.
Regardless, with rumors of an Apple VR headset allegedly debuting in 2023, we could see a completely different App Store Awards next year. It’s a good time to be an Apple user, with the innovation that these independent developers are still bringing to the table, almost 15 years since the App Store debuted, alongside the iPhone 3G, back in 2008.
Daryl had been freelancing for 3 years before joining TechRadar, now reporting on everything software-related. In his spare time he’s written a book, ‘The Making of Tomb Raider’, alongside podcasting and usually found playing games old and new on his PC and MacBook Pro. If you have a story about an updated app, one that’s about to launch, or just anything Software-related, drop him a line.
Leading through turbulent times has become far too familiar for leaders; PwC’s new report found 90% of executives are concerned about macroeconomic conditions, including the Federal Reserve’s tightening cycle, higher cost of capital, and wages not keeping up with inflation. However, 82% remain confident about their ability to execute on digital transformation initiatives and 77% are confident they can achieve near-term growth goals.
Inflation is a looming threat, but large budget cuts can create the exact precarious situation companies hope to avoid. Rather than acting swiftly, the survey found executives are focused on planning for the potential timing and severity of a recession.
Executives are thinking about how to cut costs without reducing headcount, such as using automation and managed services for efficiency. CIOs still plan to invest in digital transformation.
Implementing strategies for recession-proofing
Along with inflation fears, executives are worried about wage growth not keeping up with rising costs, and plan to reduce the number of full-time employees as a result. In fact, 81% of CHROs plan to implement at least one tactic to reduce their workforce, such as layoffs, voluntary retirement or hiring freezes in which people who leave are not replaced.
The state of hybrid work remains a topic among executives. Two-thirds are concerned with a slower-than-expected return to work. Many seek to implement on-site training, coaching and mentoring opportunities to attract employees. Executives are challenged to rethink the role of the office by creating a culture that fosters in-office participation.
While fears of a recession loom, not all hope is lost. Leaders are focused on growth and looking to enter a possible recession healthy and exit healthier. While conscious of their cost structure, it’s part of a bigger conversation about how they will transform their businesses for the future, rather than a knee-jerk reaction to current economic conditions. How well and how quickly they are able to execute will determine the outcome.
Effective strategic planning, investment in growth and continuous flexibility will see companies through growing concerns.
PwC’s report surveyed more than 650 business executives, including 91 CFOs and 94 CHROs.