The New York State Department of Financial Services (DFS) has called for the regulation of social media giants after finding the cybersecurity protections at Twitter woefully inadequate.
Governor of New York, Andrew Cuomo, asked the DFS to investigate Twitter following the July 15, 2020, hack into the Twitter accounts of several cryptocurrency firms and well-known public figures.
A report on that investigation, released today, found that the global social media platform lacked adequate cybersecurity protections and, at the time of the attack, did not have a chief information security officer in place.
The department found that threat actors gained access to Twitter’s systems simply “by calling Twitter employees and claiming to be from Twitter’s IT department,” then asking for victims’ login credentials.
Using this unsophisticated attack strategy, the cyber-criminals hijacked the Twitter accounts of politicians, celebrities, and entrepreneurs, including Barack Obama, Kim Kardashian West, Jeff Bezos, Elon Musk, and several cryptocurrency companies regulated by the DFS.
“The Twitter Hack demonstrates the need for strong cybersecurity to curb the potential weaponization of major social media companies,” noted the DFS.
The report recommended that a new cybersecurity regulatory framework be created for giant social media companies. Currently, no dedicated federal or state regulator oversees the cybersecurity policies and programs of such companies to ensure that they adequately address the risks of their digital operating models.
Superintendent of Financial Services Linda Lacewell said that companies like Facebook, Twitter, and Instagram had been allowed to regulate themselves for long enough.
“Social media platforms have quickly become the leading source of news and information, yet no regulator has adequate oversight of their cybersecurity,” she said.
“The fact that Twitter was vulnerable to an unsophisticated attack shows that self-regulation is not the answer.”
Lacewell said that poor cybersecurity at immensely influential social media platforms that increasingly dictate what content is newsworthy could potentially allow hackers to interfere with the US presidential election.
Lacewell said: “As we approach an election in fewer than 30 days, we must commit to greater regulatory oversight of large social media companies. The integrity of our elections and markets depends on it.”
The report recommends that, given their millions of users and tremendous power over news media, social media companies should be “designated as systemically important institutions with prudent regulation to manage heightened cybersecurity risk.”