iCloud Celeb Photo Leak Highlights Human Factor of Cyber Threat
While improving cloud security continues to be an important theme as the world prepares for the Internet of Things, human factors --not a direct breach of Apple’s systems-- were the likely cause of the leak.
Early last week, a massive leak of private celebrity photos prompted dozens of articles and hashtags . Inevitable social commentary about the affected women was quickly redirected by critics who pointed out that the photos were password protected, making the leak a case of theft and harassment .
Apple’s security policies came under fire after it was confirmed that the women stored their photos using the company’s iCloud service. While improving cloud security continues to be an important theme as the world prepares for the Internet of Things , Apple CEO Tim Cook told the Wall Street Journal that human factors -- not a direct breach of Apple’s systems-- were responsible for the leak.
Cook speculated that the women were likely the victims of phishing scams or targeted attacks on their accounts, leading him to conclude that “awareness” was a critical shortcoming in the “terrible scenario.” In order to engage the non-technical aspect of the problem, Apple will offer more stringent security options, including two-factor identification that requires users to input two of three codes to successfully login. Commenting on the tradeoffs between security and usability, an independent security researcher told WSJ that Apple’s new measures will not sufficiently protect customers because the company tends to “err on the side of usability.”
Human error, which is linked to a vast number of problems related to carelessness, ignorance, or lack of technological savvy, has already been identified as a major cyber threat. A recent GBC survey suggests that these unintentional threats pervade even the ranks of senior government officials. Respondents familiar with cybersecurity selected phishing/spear phishing and emails embedded with malware as the top two cyber threats, indicating that federal employees may be a serious liability to their agencies’ cyber health:
For more from GBC on the human element of federal cybersecurity, check out our new research:
Survey report: “Achieving Holistic Federal Cybersecurity”
Issue brief: “The Human Factor at the Core of Federal Cybersecurity”
Infographic: “Inside Federal Cybersecurity”
This post is written by Government Business Council; it is not written by and does not necessarily reflect the views of Government Executive Media Group's editorial staff. For more information, see our advertising guidelines.