Is your organization at risk of a hacktivist attack? If so, are you prepared to respond?
The past two years have seen entities such as Sony, the FBI and the Egyptian government fall victim to data leaks, denial of service attacks and plain public embarrassment by hacktivist groups such as Anonymous, LulzSec and WikiLeaks.
Hacktivists are a moving target. They are loosely aligned, capable of swift action, and their motivations are less to make a profit than to make a political statement about individuals and organizations with whom they disagree.
So, what needs to happen if your organization becomes a target for hacktivist attack?
The global Information Security Forum has studied the recent surge in hacktivist attacks, and in this session Gregory Nowak of the ISF draws upon the latest research to show:
How to determine when your organization is at immediate risk of a hacktivist attack;
How to identify which systems or information might be most at risk;
Which changes you must initiate in your information security program to protect against hacktivist attack;
Ways in which security leaders can raise awareness and cross-organizational response to the hacktivist threat.
Hacktivism - the use of internet technology as a medium of social activism - has been around for years, but emerged as a steady, significant threat in late 2010, when Wikileaks released secret U.S. Department of Defense documents.
Since then, groups such as Anonymous and LulzSec have stepped forward to claim responsibility for hacktivist attacks against entities such as Sony, the CIA, the U.S. Senate and PBS. These attacks - often distributed denial of service attacks or network penetration leading to exposure of proprietary information - are meant to express a variety of grievances by the hacktivists.
In 2011 alone, Verizon tracked 855 incidents for its 2012 Data Breach Investigations report, and 58% of all data thefts were tied to activist groups. Emails, password lists, proprietary documents - hacktivists are after any data they can grab.
"Doubly concerning for many organizations and executives was that target selection by these groups didn't follow the logical lines of who has money and/or valuable information," says Verizon in its 2012 report. "Enemies are even scarier when you can't predict their behavior."
And while organizations often are prepared to defend against technology-driven attacks such as denial of service and e-mail bombs, they are unprepared for the public relations assault that accompanies a hacktivist attack. Hacktivists want publicity, and they will use their attacks - even the mere threat of attack - as a means to increase exposure.
"The point of a hacktivist attack is an attack on the reputation of an organization," says Gregory Nowak of the global Information Security Forum. "Most organizations are not prepared to fight a public relations war on the Internet front."
So, how does your organization protect itself from an unpredictable threat? And how should you respond if your organization is targeted?
In this session, drawn from the ISF's latest research on hacktivism, Nowak demonstrates:
The evolutions of hacktivism, and why your organization must be concerned;
Steps information security and risk management teams should take to raise awareness about hacktivist attacks;
Proactive measures every organization should put in place to mitigate hacktivist risks;
How proper incident response in the wake of a hacktivist attack can preserve, and sometimes enhance, an organization's reputation.
Principal Research Analyst, Information Security Forum
Gregory Nowak is a principal research analyst for the Information Security Forum, the world's leading independent authority on information security. He has worked on ISF research projects on Hacktivism, Cyber-citizenship and Securing Mobile Devices. He also is responsible for ISF's Information Risk Analysis Methodology (IRAM).
Nowak has worked as an information security professional for over 10 years, in both Fortune 500 companies and consulting firms. He has experience in a wide range of information security disciplines with a particular focus on software development, business continuity, and data and content management applications.