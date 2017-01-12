From the DNC email hack to the Panama Papers, 2016 was a watershed year for politically minded hackers.

For example, the leaked Panama Papers revealed that former United Kingdom prime minister David Cameron had benefited from a Panama-based offshore trust set up by his late father. The subsequent fallout from the affair hurt Cameron’s public credibility in the “Brexit” vote to leave the European Union.

But when it came to scope and ambition, no politically-driven campaign matched the cyberattacks that targeted top Democrats in the months prior to the United States presidential election on Nov. 8.

Throughout the summer and fall of 2016, Wikileaks published a trove of private emails and confidential documents belonging to the Democratic National Convention. U.S. intelligence agencies and private security researchers later concluded that the Russian government was involved in the breaches, which were triumphantly announced by shadowy hacker groups with aliases like Guccifer 2.0 and DC Leaks.

Is your organization in the cross hairs?

There are lessons here for non-government organizations — even those that don't get involved directly with politics.

Unlike years past, when political hacktivism was associated with fringe groups like Anonymous and WikiLeaks, there’s now a long list of known hacktivist organizations that constitutes an increasingly mainstream force, whether state-supported or not.

Hacktivists, who historically sought to bring attention to their cause by making their points with disproportionate displays, can bring that same intensity to target your organization. They can also inflict damage in any number of other ways - including embarrassment.

Recall the 2015 incident in which hacktivists stole private information on 37 million users of the Ashley Madison website, an adultery website that encourages users to cheat on their partners. The aftermath of the hack left the company struggling to repair its reputation after reports of suicides by members, divorces and extortion attempts.

The new job description

In our increasingly connected world, political grievance easily finds outlets and organizations can suddenly find themselves in the political crosshairs. As always, the onus falls upon security practitioners to maintain a proactive posture with tactics and measures designed to mitigate risks.

Hacktivists are more ideologically motivated than the usual cybercriminal, a trait that makes their behavior unpredictable. Still, the same basic principles of cybersecurity apply with an emphasis on building a strong monitoring and detection capability with intrusion-prevention systems and web application firewalls that scan content as it gets uploaded or downloaded from the company website.

One extra tweak is called for: Since an organization’s public-facing assets and social media accounts are potential targets for politically minded hackers, organizations should limit access to Facebook and Twitter feeds from the corporate account to reduce the potential for abuse.

Defending against politically motivated hacks hasn’t been part of IT’s job description historically. But these are different times. Going forward, enterprise security managers will need to be more politically attuned and aware of the changing landscape of non-violent political expression. It’s a battle they know how to fight.

Charles Cooper has covered technology and business for the past three decades. All opinions expressed are his own. AT&T has sponsored this blog post.