Hacktivism and commonplace security attacks are on the increase. What does this mean? I was changing the channels this weekend and landed on the local news. Before moving on, I happened to catch two “local” stories: 1. Citizen’s Bank, a fairly large regional bank based here in New England was experiencing a Distributed Denial of Service (DDOS) attack. A group of Iranian hackers called the Martyr Izz ad-Din al-Qassam Cyber Fighters claimed responsibility. 2. The hacktivist group Anonymous hacked the website of the U.S. Sentencing Commission, (www.ussc.gov) to protest the prosecution and eventual suicide of Aaron Swartz. Website defacement and DDOS attacks are nothing new but they have grown in numbers and sophistication over the past few years. In fact, hacktivism may represent a more pervasive type of threat than cyber crime or state sponsored cyber espionage. If someone doesn’t like you or your organization, or your firm is engaged in some unpopular activity, you are more likely to suffer a cyber attack than ever. This situation will only get worse as hacking meets globalization. For the most part, information security professionals understand this threat. In a recent ESG Research survey, 46% of security professionals claimed that political hacktivists posed the greatest cybersecurity threat to their organizations – more than organized crime, cyber espionage, or foreign governments. Like it or not, hacktivism is a new form of political protest that could come from anyone or anywhere in the world. As a result of this reality: 1. Cybersecurity impacts organizations of all shapes and sizes. The bad guys know that regional banks and small organizations have fewer cybersecurity resources and skills than large shops. This makes these organizations attractive targets for cyber crime or hacktivist activities. As information security gets increasingly complex, these firms are likely to hand the keys to MSSPs like Dell, IBM, Symantec, or Verizon. 2. CISOs and security professionals should probably keep up with any “chatter” that directly or indirectly includes their organization, industry, product, or service. Remember that one news event could change increase risk on a moment’s notice. 3. The same thing goes for tracking company insiders – employees, contractors, even customers. I’m not suggesting an Orwellian response but someone should be paying attention to this; especially as it relates to IT professionals who may have an axe to grind. The local news here in Boston is paying more attention to cybersecurity. Hopefully, more information security professionals understand the ramifications here – pedestrian cybersecurity news probably means an increase in cybersecurity activity. As for the folks in Washington, they still don’t get it. Related content analysis 5 things security pros want from XDR platforms New research shows that while extended detection and response (XDR) remains a nebulous topic, security pros know what they want from an XDR platform. By Jon Oltsik Jul 07, 2022 3 mins Intrusion Detection Software Incident Response opinion Bye-bye best-of-breed? ESG research finds that organizations are increasingly integrating security technologies and purchasing multi-product security platforms, changing the industry in the process. By Jon Oltsik Jun 14, 2022 4 mins Security Software opinion SOC modernization: 8 key considerations Organizations need SOC transformation for security efficacy and operational efficiency. Technology vendors should come to this year’s RSA Conference with clear messages and plans, not industry hyperbole. By Jon Oltsik Apr 27, 2022 6 mins RSA Conference Security Operations Center opinion 5 ways to improve security hygiene and posture management Security professionals suggest continuous controls validation, process automation, and integrating security and IT technologies. By Jon Oltsik Apr 05, 2022 4 mins Security Practices Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe