Hacktivists have the enterprises' attention. Now what?

Enterprise security pros have plenty to worry about: malware, insiders stealing information, an employee leaving an unencrypted notebook full of gigabytes of intellectual property on a train. However, the spate of hacktivist attacks in recent years from groups such as Anonymous and LulzSec has upped the anxiety level. According to a number of recent surveys, most IT and security professionals see Anonymous as a serious threat to their companies.

So what to do about it? Should it change the way organizations secure their systems? Experts say, simply, most enterprises probably should.

The first piece of advice is to forget about security through obscurity. Assume you will be a target. "One of the interesting things about hacktivism is that it is difficult for a company to determine in advance whether it is going to be the subject of a hacktivist attack," says Mark Rasch, director of cybersecurity and privacy consulting at Computer Sciences Corporation. "Take a mid-sized company that manufactures widgets in Wisconsin. They could easily ask: 'Why would hacktivists be after us?'"

There are plenty of unforeseeable reasons. "We're not involved in politics. We don't do anything particularly controversial. Suddenly, the spokesperson they have for their ads, who they've hired from their public relations firm, who in turn hired an ad firm, that's hired a person to put together an ad that hired an actress who says something that offends some group. Now you're off to the races. The point is it may be nothing they did. They may be a victim of circumstance or happenstance," says Rasch.

"Today, security teams also need to be aware of public actions taken by their respective employers that might make them a target, and they need to be prepared to react," says Shawn Moyer, practice manager, research consulting at Accuvant Labs.

Hacktivist attacks can run the gamut from traditional website defacements to denial-of-service attacks and the theft of IP or log-on credentials, which are then dumped publicly on the Internet in a desire to create embarrassment.

"Most of the successful Anonymous attacks have been taking advantage of very bad practices," says John Pescatore, vice president and research fellow at Gartner. Organizations would be wise to bolster their denial-of-service defenses. "One of the things that surprised a lot of companies has been the denial-of-service attacks. Suddenly they are identified with being against WikiLeaks or whatever, and they're getting slammed," he says.

"15 years ago when lightning struck an electric pole and the lights went out, the computers went dark, and everybody went out and stood in the hall. We learned that a data center without electricity is pretty useless. Now companies routinely spend money on back-up power supplies like emergency generators. The same now needs to be true with the Internet connection. If the electricity stays up but the Internet connection goes down, the data center is sort of an expensive lump of metal. You need the same reliability on your Internet connection and the Anonymous attacks are good examples of why," he says.

Another expert says enterprises should check their susceptibility to website defacements, if only to protect themselves from embarrassment.

Finally, and perhaps most important, organizations should bolster their ability to respond rapidly to incidents while maintaining their defenses. "We are progressing from the idea where you try to secure your network with essentially moats and castles to prevent every attack to almost an acknowledgement that a determined attacker will likely find some way into some part of your network," says Rasch.

Moyer and many others argue that it's time for enterprises to wake up from focusing heavily on regulatory compliance and move away from any checkbox security mentality. "The larger point isn't whether Anonymous is likely to target someone's environment or not, but that shoddy security practices will eventually come back to bite them. For the past few years, the primary objective for many security teams has been passing an endless stream of IT audits, enforcing a checkbox mentality that doesn't measure up against any competent adversary," Moyer says.

Stories by George V. Hulme