According to The Information Facebook is planning to acquire a cybersecurity firm:
“In an effort to repair its tattered reputation around data protection, Facebook is stepping up efforts to acquire a major cybersecurity firm, according to four people familiar with the matter.
“Facebook has approached several security firms about an acquisition, two of the people said, although neither would identify the companies as discussions are still underway. One of the people said a deal could happen by the end of the year.”
The Information is right about Facebook’s scorched reputation when it comes to data privacy and security. This year has seen a number of disturbing revelations, as well as a growing understanding amongst users of just how the site exploits people’s private information.
However, the issue I find interesting is if Facebook did actually acquire a company brimming with security boffins, there’s a good chance that a fair proportion of them would be very privacy-minded. And it’s quite possible that a good number of them would rather pull their toenails out with pliers than find that their new boss is Mark Zuckerberg.
People who believe in internet security and privacy tend to have quite a dim view of those companies who have made billions duping users into over-sharing their personal data. They have strongly-held opinions, and the way in which they are viewed by their peers is important to them. Put simply – the last thing they may want is to have to admit to their mates that they work for Facebook.
And don’t think that throwing money at cybersecurity experts is necessarily enough to keep them happy. For many, security and privacy isn’t just a job. It’s a fundamental belief that counts for more than a fat wage cheque. And hey, it’s not as though security and privacy experts can’t get a well-compensated job elsewhere.
I imagine there would be a very real risk of a brain drain in the months after an acquisition by Facebook…
Facebook’s Chief Security Officer Alex Stamos – who was well-respected within the IT security industry – left the company earlier this year, and the social network has confirmed that they aren’t looking for a replacement.
Facebook says it has “embedded security” throughout the company, but it seems to me that they might want to reconsider having one guy in overall charge, rather than just waving a large wad of cash at security firms keen to be acquired.
If you’re finding it hard to quit Facebook (the site I mean, not its employment), why not listen to this “Smashing Security” podcast we recorded:
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.