Hacktivism: Why it Matters for Small and Medium Businesses

The surge in activist hackers (hacktivists) that we saw in 2012 continues unabated in 2013 and can no longer be dismissed as a fringe threat to corporate America. Hactivists are no different from traditional cyber criminals and although their motives may be considered ideological or altruistic, the damage that can be inflicted can often be worse. This is particularly the case if your business has been identified as a target by an activist group.

The Verizon Data Breach Report identified the following common hacking actions: SQLi  (access to the backend database is obtained by
“injecting” code into URLq queries), Stolen credentials, brute force attack (when an algorithm runs through all possible permutations to crack a password) and RFI (Radio Frequency Identification chips that are used in some payment cards) as well as backdoor malware. The targeted assets are web applications, databases and mail servers.

What you can do to protect against hacktivists

The number one thing to deter a hacktivist attack is to focus on cyber-prevention. Prevention is not just about IT – it’s about the whole organization: people, process and technology.

• Update anti-virus software and scan for malware and web application vulnerabilities

• Put in place policies to protect credentials, customer data, etc.

• Train employees with access to sensitive information

• Limit access to sensitive information and ensure credential information is changed so that departing employees can no longer access systems