- Facebook's Chief Security Officer Alex Stamos doesn't "feel like" the social network has "caught up" with its security responsibility, according to a ZDNet report from leaked audio. Instead, the network's architecture is run like a "college campus."
- Stamos went on to say from his personal Twitter account that Facebook cannot afford to "architect" its security like a defense contractor, such as Northrop Grumman or Raytheon, because of "limited computing options and no freedom."
- He defended his comments, saying the college campus phrase was not a critique of management but but rather a way of conveying Facebook's security measures need to be designed and implemented more creatively.
The "college campus" wording is just a figure of speech to make the point; 8/11— Alex Stamos (@alexstamos) October 19, 2017
Stamos has previously stated security does not fundamentally belong in the "fabric" of the internet. However, ISPs' security responsibilities aside, he does insist that sites serviced on ISPs do have that duty.
Like many other Silicon Valley companies, Facebook's engineers are more inclined to pursue functionality than security, as these sites are built on the premise of enabling technical experimentation.
Tech companies are famous for providing freedom for engineers to customize their environments & experiment with new tools 3/11— Alex Stamos (@alexstamos) October 19, 2017
With approximately 2 billion monthly active users, the company carries the burden of protecting troves of personal customer data. Facebook and other social media networks were used as weapons of propaganda, particularly in the last year. The controversies surrounding these sites brought Congressional committees to investigate security practices and handling.
Due to the vulnerability Facebook users face while on the site, the company must creatively protect users from malicious content without impeding the natural freedom the site invokes. Though the context of best security practices shifts from industry to industry, this past year has highlighted the need for security detection in all applications.
The risks of poor security practices are high. Cybercrimes increased by 62% in five years and cost companies about $2.4 million per attack. While there is no such thing as absolute security, eliminating negligence in security practices can greatly reduce the risk of data breaches or manipulation.
All companies, not just exclusively tech companies, are faced with the obligation to implement security in nearly every aspect of technical infrastructure. Migration to cloud-based email providers, patchable web application vulnerabilities and insufficient or outdated equipment have all contributed to 2017's major cyberattacks and breaches.