Oops, They Did It Again

When discussing the overall state of information security, it's commonplace to suggest that everyone is at risk, and that hackers will eventually manage to get past anything put in place to stop them. Commentators frequently assert that the question is not whether this or that business or organization will be hacked, but when the hack will occur. It's a gloomy worldview that sometimes feels not just pessimistic, but wholly defeatist, in a "What's the use in even trying" sort of way.

And then the next big hack goes down and you realize that perhaps what's intended is not so much hopelessness as a sort of direct and urgent pragmatism. The message is not "This will happen so you might as well just throw up your hands and stop caring," but rather, "This will happen and the best way to minimize the negative effects is to do as much as possible to protect your assets while preparing for disaster." You need to build a bomb shelter, not lay down in the middle of the road.

News of the latest shocking breach began to break late yesterday, and the entity to be victimized this time around is one of the most high-profile tech firms on the planet. Facebook has now taken action to reset access to more than 90 million user accounts after discovering that hackers had compromised a gargantuan swath of the leading social media network. The hack directly targeted Facebook's "view as" feature, which lets users look at their own pages the way that other see them.

Facebook handles and stores massive amounts of personally identifying information — among the most dearly sought-after of the many prizes chased by thieves — so it's hardly surprising that hackers would be eager to break through its defenses. The company immediately reported the breach and is working with the FBI and other law enforcement agencies to track down those responsible for the attack and hold them to account for their crimes.

If you've ever pondered pursuing a cybersecurity career, then certification is an excellent place to start. The Security+ credential curated by tech industry association CompTIA, for example, is a baseline prerequisite for many U.S. government information security jobs. And TestOut Continuing Education offers excellent Security+ training. Facebook wasn't the first high-profile breach and certainly won't be the last. There's plenty of time for you to join the fight.