Saudi Arabian government responds to Twitter hack

The Saudi Arabian government has regained control of its Saudi Citizen Account Program Twitter feed after it was attacked by criminal hackers.

The hackers infiltrated the Twitter account on 1 January 2018 and sent a series of offensive and false comments. They also sent a message to the Saudi Royal Court Advisor, Saud al-Qahtani, saying they would launch more attacks.

The Saudi Citizen Account Program was introduced in February 2017 to “protect Saudi households from the expected impact – direct and indirect – of economic reforms. Recipients receive support through direct cash transfers”.

The Saudi Arabian government hasn’t revealed how it was hacked, which certainly isn’t a surprise. However, most hacks – particularly on Twitter – are the result of poor password practices. Users either create weak passwords that allow hackers to launch successful brute-force attacks, or they reuse passwords across multiple sites. If one site suffers a breach, the passwords will be exposed on the dark web, where criminals can buy them and use them elsewhere.

A hacked Twitter account poses a relatively low level of risk, as criminals don’t have access to sensitive information. It is still a serious incident, though, as it causes reputational damage and represents poor cyber security practices that could be indicative of the whole government.

To avoid being hacked, all organisations should implement an effective password management policy. This should include making sure passwords are sufficiently strong (combining letters, numerals and special characters) and unique to each account. If people need help remembering these passwords, they should use a password manager, such as 1Password or LastPass.

For an additional layer of security, two-factor authorisation should be used wherever available.

How else can I stay secure?

Strong passwords are just one way to stay secure. Any organisation that implements ISO 27001, the international standard that describes best practice for an information security management system (ISMS), will demonstrate that it is doing all that it can to prevent cyber incidents.

ISO 27001 provides a holistic approach that encourages organisations to consider their employees, business processes and IT systems when putting in place cyber security measures.

Risk assessments are at the core of ISO 27001. Organisations need to produce a set of controls to minimise identified risks. These controls are wide-ranging, relating to organisational policies, procedures, employees and technology.

You can find out more about ISO 27001 and how to implement it in our free green paper: Risk assessment and ISO 27001 >>