First see what I have to say about “sophisticated attacks” then we will get into this leak of personal information by an organisation that should have a reasonable spend on cyber-security!
Twilio – a communications and phone company based in San Francisco – is reluctant to give away much information on how many of their customers were compromised in this attack. However reading the article from The Register – whatever the Twilio PR machine says – it sounds to me like a regular social engineering/phishing attack to steal credentials. Nothing particularly sophisticated about that.
Twilio customer data exposed after its staffers got phished • The Register
You, me, anyone (including Twilio), could be a target of such an attack.
What you and your team need is great training to make you you are all aware of the potential threat and then add to that some simple policies and procedures.
Clive Catton MSc (Cyber Security) – by-line and other articles
Further Reading
And just a little something else from the Isle of Wight:
The Isle of Wight Council – when is a data breach not really a breach? – Smart Thinking Solutions
Please Note:
I am on leave so the news this week is “in brief”. You can still contact me via the contact page and Octagon Technology.