Hacktivists have the enterprises' attention. Now what?

[InfoSec News <alerts () infosecnews org>]

http://www.csoonline.com/article/705855/hacktivists-have-the-enterprises-attention.-now-what-

By George V. Hulme
CSO
May 07, 2012

Enterprise security pros have plenty to worry about: malware, insiders 
stealing information, an employee leaving an unencrypted notebook full 
of gigabytes of intellectual property on a train. However, the spate of 
hacktivist attacks in recent years from groups such as Anonymous and 
LulzSec has upped the anxiety level. According to a number of recent 
surveys, Most IT and security professionals see Anonymous as a serious 
threat to their companies.

So what to do about it? Should it change the way organizations secure 
their systems? Experts say, simply, most enterprises probably should.

The first piece of advice is to forget about security through obscurity. 
Assume you will be a target. "One of the interesting things about 
hactivism is that it is difficult for a company to determine in advance 
whether it is going to be the subject of a hacktivist attack," says Mark 
Rasch, director of cybersecurity and privacy consulting at Computer 
Sciences Corporation "Take a mid-sized company that manufactures widgets 
in Wisconsin. They could easily ask: 'Why would hactivists be after 
us.'"

There are plenty of unforeseeable reasons. "We're not involved in 
politics. We don't do anything particularly controversial. Suddenly, the 
spokesperson they have for their ads, who they've hired from their 
public relations firm, who in turn hired an ad firm, that's hired a 
person to put together an ad that hired an actress who says something 
that offends some group. Now you're off to the races. The point is it 
may be nothing they did. They may be a victim of circumstance or 
happenstance," says Rasch.

[...]


_______________________________________________
LayerOne Security Conference
May 26-27, Clarion Hotel, Anaheim, CA
http://www.layerone.org