Facebook faces the same cyber threats as a large defense contractor but runs its own security “like a college campus” – that’s the judgement of the company’s top security chief, according to a leaked internal phone call.
Alex Stamos, the social media giant’s chief security officer, made the remark during an internal discussion with employees on the threat to the company’s network posed by hackers.
A recording of the call was later leaked to the website ZDNet on Thursday.
“The threats that we are facing have increased significantly and the quality of the adversaries that we are facing,” Stamos said. “Both technically and from a cultural perspective, I don’t feel like we have caught up with our responsibility.”
Later in the call, Stamos, who has been at Facebook since June 2015, delivered an astonishing indictment of the platform’s network security, saying it is akin to that of a college.
“The way that I explain to [management] is that we have the threat profile of a Northrop Grumman or a Raytheon or another defense contractor, but we run our corporate network, for example, like a college campus,” he said.
Writing in a series of tweets following the leak, Stamos said that his comments were not meant as a criticism of the firm’s senior management.
“They care a great deal,” he said. “It’s not a criticism of anybody, just a statement of why our team needs to be creative in how we protect our corporate network.”
It’s not a criticism of anybody, just a statement of why our team needs to be creative in how we protect our corporate network. 11/11
— Alex Stamos (@alexstamos) October 19, 2017
Seeking to clarify his comments, Stamos wrote that while tech companies provide freedom for engineers to experiment with tools and frameworks, the same flexibility can make them a target for hackers.
“Allowing for this freedom helps creativity and productivity, but we have to weigh that against the fact that we have become a potential target of advanced threat actors. As a result, we can’t architect our security in the same way a defense contractor can,” he said.
Speaking to ZDNet, Stamos said that the words “college campus” were merely “a figure of speech.”