10 Ways to Deal With Hacktivist Attacks

 
 
By Karen A. Frenkel  |  Posted 01-11-2017 Email
 
 
 
 
 
 
 
 
 
  • Previous
    10 Ways to Deal With Hacktivist Attacks
    Next

    10 Ways to Deal With Hacktivist Attacks

    Hacktivists are not always looking for financial gain. They often exploit weaknesses so they can embarrass a company. Here are 10 tips for coping with attacks.
  • Previous
    Don't Provoke Potential Hackers
    Next

    Don't Provoke Potential Hackers

    Press releases about the advanced security of your organization run the risk of provoking hacktivists, so review social media posts, website content and press releases to be sure they can't be perceived as a challenge to hackers.
  • Previous
    Keep an Ear to the Ground
    Next

    Keep an Ear to the Ground

    To ensure that your defenses, detection mechanisms and response capabilities are based on sound threat intelligence, monitor social media, discussion forums and the DarkNet. Partner with an organization with in-depth experience doing this.
  • Previous
    Secure Your Environment
    Next

    Secure Your Environment

    Develop a mature security program. Perform regular penetration testing, in the form of Red Team and Blue Team exercises. Focus on attack patterns associated with hacktivism, such as data leaks, website defacement and social media account takeover.
  • Previous
    Safeguard Social Media Accounts
    Next

    Safeguard Social Media Accounts

    To secure your social media accounts, use two-factor authentication and strong, varied passwords, and train the staff members who manage social media in proper security awareness.
  • Previous
    Protect Third-Party Services
    Next

    Protect Third-Party Services

    An attacker doesn't need to compromise vulnerabilities on your servers if he or she can compromise the account details for the admin panel used to manage the remote virtual environment. So address this issue with account security password best practices.
  • Previous
    Prepare and Initiate Your IR Plan
    Next

    Prepare and Initiate Your IR Plan

    Initiating an incident response (IR) procedure as quickly as possible will help effectively manage the incident. Depending on the type of incident, engaging with corporate communications, public relations firms and legal counsel early will help lessen wider fallout.
  • Previous
    Scope and Triage the Incident Quickly
    Next

    Scope and Triage the Incident Quickly

    Because the principal motivation for hacktivism is to cause disruption and embarrassment, it's not uncommon for different attacks to occur simultaneously. To manage simultaneous yet distinct incidents, form multiple IR teams and pay extra attention to resource management.
  • Previous
    Proactively Communicate With Affected Parties
    Next

    Proactively Communicate With Affected Parties

    Quickly confirm facts related to a breach. Then develop a remediation strategy and communicate it to customers and partners to help mitigate the effect of the attack.
  • Previous
    Think Carefully Before Engaging Law Enforcement
    Next

    Think Carefully Before Engaging Law Enforcement

    Engaging law enforcement is a double-edged sword: The resources and assistance are generally welcome, but the objectives of law enforcement-led investigations may not align perfectly with your organization's needs.
  • Previous
    Engage Law Enforcement at the Right Time
    Next

    Engage Law Enforcement at the Right Time

    Quickly engaging law-enforcement sends a positive message to the affected parties, but the decision to do so should not be taken lightly because of legal and regulatory responsibilities.
 

Hacktivist attacks affect everyone. You don't have to be a high-profile oil or pharmaceutical company to suffer from one. Just combining personal and work activities while online, posting too much information to social media or otherwise attracting unwanted attention could make you a magnet for hacktivists. Defending against hacktivist attacks is not straightforward. Hacktivists are not necessarily looking for financial gain. Instead, they often seek out and exploit weaknesses so they can embarrass you and your organization. Also, a hacktivist may exploit weaknesses to net a much bigger fish. "The term 'hacktivism' entered mainstream parlance following press coverage of Anonymous and other similar hacktivist groups in the early 2000s," according to Verizon's latest Data Breach Digest, "With this newly found publicity, a tech-savvy generation realized that digital activism and social protest may be an effective and accessible means to further one cause or another." Verizon offers some recommendations for mitigating the risks and responding to threat actor hacktivist attacks.

 
 
 
 
 
Karen A. Frenkel writes about technology and innovation and lives in New York City.

 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login Register