It has been a wild few weeks for Twitter and the Operational Risks associated with account hijacking and "Tweets" that may compromise the positions of active police activities. The Boston Police were
warning people via their official Twitter account:
The first official announcement that law enforcement agencies had concluded their manhunt for Boston Marathon bombing suspect Dzhokhar Tsarnaev didn’t come at a press conference by police commissioner Ed Davis or Mayor Tom Menino. It didn’t come from a press release or a dispatch over a police scanner. It came instead from two tweets:
Boston Police Dept. ✔ @Boston_Police#MediaAlert: WARNING: Do Not Compromise Officer Safety by Broadcasting Tactical Positions of Homes Being Searched. 8:52 AM - 19 Apr 2013
Boston Police Dept. ✔ @Boston_Police#MediaAlert: WARNING - Do Not Compromise Officer Safety/Tactics by Broadcasting Live Video of Officers While Approaching Search Locations 1:14 PM - 19 Apr 2013Social Media and a hacked AP Twitter account were the catalyst for a sudden drop in the financial markets. As the news service realized what had occurred they contacted their employees in the White House briefing room to refute the information:
Twitter Inc. plans to bolster security on its site after the account of the Associated Press news service was hacked and an erroneous post triggered a stock- market decline, according to a person familiar with the matter.
Two-step authentication will be introduced to make it harder for outsiders to gain access to accounts, said the person, who declined to be identified because the information isn’t public. In addition to a password, the security measure requires a code sent via text message to a user’s mobile phone, or generated on a device or software.
Twitter’s defense against password theft came under scrutiny this week after a hacker sent a false post about explosions at the White House, triggering a drop that wiped out $136 billion in value from the Standard & Poor’s 500 Index.
Social Media is becoming a way of real-time situational awareness and organizations that have ignored the potential impact on its Operational Risk are now paying attention. Proactive steps are now being taken to not only monitor the daily feeds on official company twitter accounts and also upgrade the security of those feeds by using multi-factor authentication.
Companies such as Duo Security are going to start seeing an uptick in their web site activity as a result of these latest hacks on Twitter and others. Why? Because it works.
Corporate integration of public relations and information security are not anything new per se. What is getting more attention is how social media has become a catalyst for changing human behavior. Even more revealing is how automated trading systems react to a false tweet on Twitter. Have the algorithms gone too far in high frequency trading? Not really. HFT professionals don't let Twitter change their strategies. Here is a dose of reality:
There is little predictive value in the events of the, "Hack Crash." However, there are some key takeaways for traders. First is the importance of protective stops. One never knows what could happen next. Second, verify news reports. I have the AP's iPhone app, which alerts me to breaking news and had no mention of the tweet until after the fact. Therefore, the corporate disconnect between Twitter and their app was my first clue it was bogus. Finally, cut the high frequency traders some slack. Their programs are based on risk and reward just like our own and the liquidity they provide in times of dramatic events is exactly what allows us to get out of the market and keep some powder dry until the smoke clears.
What will continue to be an ongoing trend in corporate ranks is the need to continuously monitor social media and to spend the time on due diligence to determine what is real and what is simple "Information Operations." (IO) in the corporate ranks and across Wall Street is the name of the game. Those who understand how to manage their monitoring and deal with the daily anomalies will be able to mitigate the major risks to the enterprise.
Our only hope is that the thousands of major law enforcement agencies across the globe, are doing the same. @Boston Police is a good place to start with any lessons learned.
operational risk