Hacktivists have the enterprises' attention. Now what?
Experts say enterprises need to be more prepared for anything and everything, including eventual compromises.
May 07, 2012 — CSO —
Enterprise security pros have plenty to worry about: malware, insiders stealing information, an employee leaving an unencrypted notebook full of gigabytes of intellectual property on a train. However, the spate of hacktivist attacks in recent years from groups such as Anonymous and LulzSec has upped the anxiety level. According to a number of recent surveys, Most IT and security professionals see Anonymous as a serious threat to their companies.
So what to do about it? Should it change the way organizations secure their systems? Experts say, simply, most enterprises probably should.
The first piece of advice is to forget about security through obscurity. Assume you will be a target. "One of the interesting things about hactivism is that it is difficult for a company to determine in advance whether it is going to be the subject of a hacktivist attack," says Mark Rasch, director of cybersecurity and privacy consulting at Computer Sciences Corporation "Take a mid-sized company that manufactures widgets in Wisconsin. They could easily ask: 'Why would hactivists be after us.'"
There are plenty of unforeseeable reasons. "We're not involved in politics. We don't do anything particularly controversial. Suddenly, the spokesperson they have for their ads, who they've hired from their public relations firm, who in turn hired an ad firm, that's hired a person to put together an ad that hired an actress who says something that offends some group. Now you're off to the races. The point is it may be nothing they did. They may be a victim of circumstance or happenstance," says Rasch.
"Today, security teams also need to be aware of public actions taken by their respective employers that might make them a target, and they need to be prepared to react," says Shawn Moyer, practice manager, research consulting at Accuvant Labs.
Hacktivist attacks can run the gamut from traditional website defacements to denial-of-service attacks and the theft of IP or log-on credentials which are then dumped publicly on the Internet in a desire to create embarrassment.
"Most of the successful Anonymous attacks have been taking advantage of very bad practices," says John Pescatore, vice president and research fellow at Gartner. Organizations would be wise to bolster their denial of service defenses. "One of the things that surprised a lot of companies have been the denial of service attacks. Suddenly they are identified with being against WikiLeaks or whatever, and they're getting slammed," he says.
"15 years ago when lightning struck an electric pole and the lights went out, the computers went dark, and everybody went out and stood in the hall. We learned that a data center without electricity is pretty useless. Now companies routinely spend money on back-up power supplies like emergency generators. The same now needs to be true now with the Internet connection. If the electricity stays up but the Internet connection goes down the data center is sort of an expensive lump of metal. You need the same reliability on your Internet connection and the Anonymous attacks are good examples of why," he says.