Apple, Facebook, Google, Uber: How Tech Companies Find Leaks

Data leaks have become quite common these days. Every few months, we hear about cyber security breaches and data theft. Some of these leaks are quite impactful, and the affected party does everything in its power to assure everyone that everything will be fixed. However, finding the source of these leaks and taking steps to prevent any similar incident in the future can be more difficult than it sounds.

A lot of companies, including tech giants like Apple and Google, take steps to prevent any such incident: for example, making employees sign NDAs (non-disclosure agreements), assembling leak and security teams, and making sure employees don’t have access to crucial pieces of information. Sometimes even these measures fall flat. However, some of them have proven to be quite effective techniques.

Let’s look at a few examples of how well-established companies find these leaks and prepare to deal with them.

Uber:

After the 2016 breach, Uber hired a Chief Security Officer, in addition to a Chief Trust & Security Officer and several other employees. All of these employees were tasked with protecting user data. Also, the company is required to review its privacy program for the next 20 years. The most noteworthy measure taken by the company to prevent data breaches is to enlist the help of hackers, under the Uber Bug Bounty Program, in finding the vulnerabilities and anything in the system that counts as a risk to its security.

Google:

Google’s leak prevention measures got the tech giant sued too. Google’s unofficial Stop Leaks team is responsible for finding and reporting leaks. Moreover, a confidentiality agreement signed by the employees prevents them from revealing anything that happens in the company to anyone, even lawyers! Lastly, the live streams and all other traceable data of their weekly TGIF meetings were eliminated, and the employees are now required to visit an undisclosed location to catch the feed.

Google also boasts a Security Reward Program for its range of products, including Google Search, YouTube, Android and Chrome. This program offers "cash rewards for quality security research" to those individuals and developers who identify vulnerabilities and flaws.
According to Google's Application Security page, "We have long enjoyed a close relationship with the security research community. To honor all the cutting-edge external contributions that help us keep our users safe, we maintain a Vulnerability Reward Program for Google-owned web properties, running continuously since November 2010."

Facebook:

Facebook has a Global Investigations Team which has been assigned the task of detecting and tackling data leaks. Moreover, in 2017, the board of directors demanded that the social media giant become proactive and provide regular updates on the Russian interference issue. Lastly, the Cambridge Analytica incident also led the company to restrict and regulate third-party developers’ access.
Facebook's White Hat Bug Bounty program also helps the tech giant discover security loopholes in several of its services, including WhatsApp, Instagram and the Messenger app.

Apple:

In addition to sharing false information during product launches and requiring employees to sign NDAs to track and/or prevent leaks, Apple also has a Secrecy Program Management team, whose members are placed in product teams for secret-keeping purposes. There is also reportedly a “Worldwide Loyalty Team”, whose members are undercover and tasked with investigating leaks in different departments. Interestingly, Apple ended up catching 29 leakers and arresting 12 last year. Apple also gets some help from independent security researchers through its Bug Reporting page.

These examples show how critical data security is, not just for big corporations but also for small startups and even individuals. Some of the steps mentioned above can prove to be quite effective if implemented properly: for example, getting help from ethical hackers to find things that do or can pose a risk to data security. Moreover, regular security checks should also become a practice.

This infographic from Varonis visualizes how major companies find leaks:
[Infographic: How Major Companies Find Leaks]
