The Enterprise Versus the Hactivist: How Protective Measures Like Secure File Sharing are Your Strongest Defense
by Jaap van Duijvenbode on March 07, 2016
Hacking is getting more personal. Meanwhile, it's also becoming more sophisticated and is generally well-funded, often by world governments and other deep pockets. Enter the Age of the Hacktivist. Hacktivists of today are a different creature than those that gained popularity in the late 1990's and early 2000's, such as the Cult of the Dead Cow. Today's hackers don't just shut down the enterprise website for a few hours with a DDoS attack, These skilled and sinister groups use DDoS attacks as merely diversions while they go for richer pay dirt -- namely the corruption or theft and publication of data in an attempt to humiliate, frustrate, or drain funds and/or customers and revenue from the business which they have targeted.
What Hacktivists are After
Though collecting forensic evidence after the fact can be helpful in identifying the hackers behind the attack, it takes careful planning before hand to prevent an attack from happening in the first place.
Today's hackers seek to damage corporate reputations, get revenge, or tarnish the image of the enterprise. Sometimes they simply corrupt data, other times they steal it or steal and publish it (such as in the case of the so-called cheating spouse website, Ashley Madison). Some of these hacktivists are supported by governments that are the enemies of the native country of the targeted enterprise. Other times, the hacktivists are trying to enact revenge on the company for some perceived injustice.
Reasons for revenge hacktivism range from the group's perception that the company's hiring practices are unfair to a belief that the enterprise violated someone's First Amendment right to free speech. Hacktivists also range widely in their skill sets. Some are quite knowledgeable, while others are dependent on code they bought on the Dark Web to do their mischief.
What Hacktivisits Do
Hactivists are different from other hackers in several respects; most notably that they are not after financial gain. Hacktivism is committed to right a perceived injustice, whether real or perceived, instead of to steal identities or ransom data to make money.
One notable example of the new face of hacktivism is the notorious group Anonymous. All it takes for a hacker to join up and commit hack attacks against a business is to simply start calling themselves a member of Anonymous. There are no membership rosters, meetings, association fees, or other rights of passage into Anonymous.
Though these groups are often loosely associated, frequently operate from outside the nation or jurisdiction of the enterprise, and may have no actual association with the group they identify with, there are ways to recognize and even stop hacktivist activities against your organization.
According to a recent study, 58 percent of all businesses know before the hacktivist event occurs that they will be targeted. In fact, hacktivists almost always make their intentions public (as well as the reasoning behind the attack) before beginning. They are strong social media users, particularly Twitter, and have also been known to announce their plans via open forum groups or on their own group website.
How Your Enterprise is Going to Stop It
There are a number of effective ways to stop a hacktivist attack. First, doing business responsibly is a great first step for staying out of their crosshairs. If your hiring, employment, and firing practices are fair, this alone can eliminate you from the running when hacktivists are choosing their targets. You can also:
• Subscribe to a threat feed provided by a reputable security vendor.
• Develop a schedule for regular software updates and firmware updates to close any known vulnerabilities.
• Employ monitoring tools and strategies at the network, system, device, and user levels. Establish a baseline of a normally functioning network and set alerts to alarm if the threshold of normal activity is breached.
• Centralize your file storage and enable secure file sharing across the enterprise. This keeps the amount of data and location of data under closer supervision, and makes it easier to secure as well as easier to identify when a breach occurs.
• Create an incident response plan, which includes press releases and media contact, a plan for notifying and working with law enforcement, assembling a team to handle various aspects of the response, and a means for restoring any data that has been corrupted or lost.
How has secure file sharing helped other enterprises protect against hacktivism and other common threats in today's IT environment? Read our customer success stories here.