Comments by: Jonathan Knudsen, Senior Security Strategist, Synopsys Software Integrity Group
The Twitch breach highlights a few important points about cybersecurity.
First, adversaries come in many forms with many motivations. In this particular incident, an attacker with ideological motivation compromised Twitch’s systems and published a huge amount of data. Organisations should consider all types of threats, from casual opportunists to cybercriminals seeking money to nation states pursuing geopolitical gain.
Second, incident response is critically important. When something goes wrong (and something always goes wrong), organisations must have plans in place for a quick and effective response. This response needs to address business continuity (keeping the lights on), customer communication, and recovery. Most importantly, incident response must include a post-mortem analysis which feeds back to improve defences.
Third, security by obscurity never works. Cybersecurity experts just assume that attackers have access to the source code of software. Given enough time and resources, attackers can usually reverse engineer software applications to understand how they work. In the case of the Twitch breach, everyone in the world now has direct access to the Twitch source code. Whatever Twitch was doing for application security, they need to redouble their efforts. Anyone can now run static analysis, interactive analysis, fuzzing, and any other application security testing tools. Twitch will need to push their application security to the next level, finding and fixing vulnerabilities before anyone else can find them.
Comments by: Gary Gardiner, Head of Security Engineering, APAC & Japan, Check Point Software Technologies
Anytime source code gets leaked, it’s not good and potentially disastrous. It opens a gigantic door for evildoers to find cracks in the system, lace malware, and potentially steal sensitive information. I strongly recommend that all Twitch users exercise caution in the near-term ahead as cyber attacks are on the rise. For October’s Cyber Security Awareness month, Check Point Research documented a 40% increase in cyber attacks this year, compared to 2020. For now, we recommend Twitch users change their passwords and enable two-factor authentication on accounts.