Dark Reading, July 27, 2020
Good security practices go a long way to ensuring a safe journey, NCSA's Eliot says. This includes updating all applications on the major devices used...People may spend more time in rental cars this summer, which means they have to watch how they manage the infotainment system. NCSA's Eliot says it's fine to use the Bluetooth on the rental vehicle to make calls and listen to music, but make sure all of that information gets deleted before turning the car in.

SecurityWeek, July 17, 2020
Kelvin Coleman, NCSA “As we initially speculated, the latest findings behind the recent Twitter breach all point to an employee’s – allegedly implicit – role in a coordinated social engineering attack that took advantage of a compromised set of credentials to facilitate a breach of this size and scale. Given the ‘insider’ nature of the incident, this attack speaks to a larger issue around the collective concept of people, process and technology. Although Twitter likely has a robust internal security team to monitor the platform across devices, and actively promotes the use of stronger passwords and 2FA, the human element continues to be the most unpredictable factor contributing to these types of situations. It’s hard to predict and mitigate how people will factor into potential breaches, but this should nonetheless be a learning experience for other platforms and tech companies to encourage them to review and enforce an effective incident response plan moving forward.”

IT Ops Times, July 16, 2020
Kelvin Coleman, executive director at the National Cybersecurity Alliance, agreed, adding: “Given the ‘insider’ nature of the incident, this attack speaks to a larger issue around the collective concept of people, process and technology. Although Twitter likely has a robust internal security team to monitor the platform across devices, and actively promotes the use of stronger passwords and 2FA, the human element continues to be the most unpredictable factor contributing to these types of situations. It’s hard to predict and mitigate how people will factor into potential breaches, but this should nonetheless be a learning experience for other platforms and tech companies to encourage them to review and enforce an effective incident response plan moving forward.”

USAToday, July 16, 2020
"It’s hard to predict and mitigate how people will factor into potential breaches, but this should nonetheless be a learning experience for other platforms and tech companies to encourage them to review and enforce an effective incident response plan moving forward," Kelvin Coleman, executive director at National Cybersecurity Alliance, said in an emailed statement.

Bank Info Security, July 16, 2020
Kelvin Coleman, executive director at National Cybersecurity Alliance, also believes the security breach points to a Twitter employee whose credentials may have been compromised. "While it's unclear what the source of the ongoing Twitter crypto scam attack is - the size and scale of an operation like this seem to potentially point to an employee's compromised credentials - it's very likely due to something as simple as falling victim to a phishing attack," Coleman says. "This then allowed a single bad actor or group broad access into these accounts from the inside."

SC Magazine, July 16, 2020
Kelvin Coleman, Executive Director of the National Cyber Security Alliance (NCSA) agreed, said that “while it’s unclear what the source of the ongoing Twitter crypto scam attack is – the size and scale of an operation like this seems to potentially point to an employee’s compromised credentials – very likely due to something as simple as falling victim to a phishing attack – that then allowed a single bad actor or group broad access into these accounts from the inside.”

Threat Post, July 16, 2020
Kelvin Coleman, executive director at National Cybersecurity Alliance, said on Wednesday the size and scope of the account takeovers suggested the account takeovers were tied to an employee’s compromised credentials. He said the attack was “very likely due to something as simple as [an Twitter employee] falling victim to a phishing attack — that then allowed a single bad actor or group broad access into these accounts from the inside. Other platforms should take this as a significant learning experience to ensure a breach to this magnitude doesn’t occur again.”

SD Times, July 13, 2020
Even during normal times these things tend to not be top of mind, Kelvin Coleman, executive director of the National Cyber Security Alliance, explained. “So you can imagine as you rush to create some of these things, security, privacy protocol, probably are still not at the very top of the list,” said Coleman. He explained that it’s a bit of a double-edged sword. There is a case for getting these apps out into the public as soon as possible to help deal with the current situation and prevent as many deaths as possible. “You want to contain it and make sure that people have an opportunity to know that they’re in the vicinity or have been in the vicinity of someone who’s had the virus, and so there is a rush to get it out there,” said Coleman. “But we have to make sure that security and privacy protocols are thought of not second, third on the priority list. It needs to be at the top.”

Politico, July 7, 2020

Politico Pro, July 6, 2020