Because hacktivists are primarily interested in publicity, rather than financial gain, the organizational response should include information security, public relations, and legal expertise to limit the damage to corporate reputation, said Nowak, who is an author of a recent ISF white paper on hacktivism.
“The primary identifying characteristic of hacktivism is that it is a public relations maneuver attempting to gain attention for a cause or point of view. It happens to be accomplished using hacking techniques but the main goal is public relations. That is what unites all these attacks”, Nowak told Infosecurity.
“One of the main pieces of advice we have given our members is to build a relationship between the information security function and the public relations function in your organization, as well as the legal function”, Nowak advised.
The public relations group is likely to know about any controversial policies, products, or activities of the organization that might have attracted the attention of hacktivists. Nowak recommends that organizations hold simulations involving information security, public relations, and legal personnel to rehearse coordination in response to a hacktivist attack.
In addition, organizations should revisit their information security fundamentals since many of the hacktivist attacks exploit known vulnerabilities. “The thing I’m most surprised about in these stories is that the targets didn’t do things that we keep telling people they should do, like basic password security”, said Nowak.
“For example, HBGary…got hacked because key personnel with elevated privileges were using the same password on web servers and more sensitive systems. That was how the hacker was able to escalate and get access to confidential material”, he added.
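The control that would have blocked the escalation Nowak describes is a password-change check that refuses a credential the same account already uses on another system. The following is an added example, not code from the ISF paper or from any of the organizations mentioned; the PBKDF2 storage format, the iteration count, the `systems_sharing_password` helper and the sample account directory are all assumptions constructed for illustration.

```python
# Added example (not from the ISF paper or the article): reject a new password
# for an account if it already verifies against that same account's stored
# credential on another system. Records use per-system, per-account random
# salts with PBKDF2-HMAC-SHA256, so the check must verify the candidate against
# each record rather than compare stored hashes directly.
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumption: the systems' PBKDF2 work factor


def make_record(password: str) -> dict:
    """Derive a salted PBKDF2 record the way a system would store it."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest}


def verify(record: dict, candidate: str) -> bool:
    """Constant-time check of a candidate password against one stored record."""
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(), record["salt"], ITERATIONS)
    return hmac.compare_digest(digest, record["hash"])


def systems_sharing_password(account: str, candidate: str, directory: dict) -> list:
    """Return the names of systems where `account` already uses `candidate`.

    `directory` maps system name -> {account -> record}. A non-empty result
    means the password crosses a trust boundary (one password on a web server
    and on sensitive systems, as in the HBGary case) and must be rejected.
    """
    hits = []
    for system, accounts in directory.items():
        record = accounts.get(account)
        if record is not None and verify(record, candidate):
            hits.append(system)
    return sorted(hits)


# Constructed sample data: one admin account present on three systems.
DIRECTORY = {
    "public-web": {"admin": make_record("Summer2011!")},
    "mail-server": {"admin": make_record("Summer2011!")},
    "research-share": {"admin": make_record("d7#Lq9!xVb2mZ")},
}

if __name__ == "__main__":
    # A password proposed for the research share that is already in use on
    # the public web server and the mail server: the change must be refused.
    print(systems_sharing_password("admin", "Summer2011!", DIRECTORY))
    # → ['mail-server', 'public-web']
```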
Organizations should also identify systems or information that might be a potential target for hacktivists, particularly targets that might not be obvious to information security personnel. The white paper recommends isolating at-risk systems or shoring them up with load balancing or additional capacity.
At the same time, Nowak cautioned organizations not to overreact to the hacktivist threat. “Don’t get scared by the news media. They tend to pay attention to hacktivist groups and overdramatize various attacks. That does a disservice to information security professionals because it distracts from what really needs to be done”, Nowak said.
“People should think about responses that treat the entire incident as a public relations battle. For example, hacktivists that want attention for their cause are usually likely to release announcements or YouTube videos associated with the attack. We advise members to consider non-traditional responses; rather than the traditional press release, perhaps another YouTube video”, he concluded.